diff --git a/docs/source/simplesamlphp-sp.xml b/docs/source/simplesamlphp-sp.xml
index cd35ea73d59a8f3089010c83e38996692fcd573f..1a41e7f761f082ce4d3d0ebbdc5c352936d0eb78 100644
--- a/docs/source/simplesamlphp-sp.xml
+++ b/docs/source/simplesamlphp-sp.xml
@@ -436,13 +436,20 @@
             <glossterm>certFingerprint</glossterm>
 
             <glossdef>
-              <para>The <literal>md5</literal> checksum of the certificate
+              <para>The <literal>sha1</literal> checksum of the certificate
               used by the IdP. If you don't know how to compute this, you can
               leave it as it is, and then you'll get an error message the
               first time you try to login. In this error message you are told
               what is the fingerprint of the IdP certificiate, which you may
               copy to this metadata parameter.</para>
 
+              <para>It is also possible to add an array of valid fingerprints,
+              where any fingerprints in that array is accepted as valid. This
+              can be used to update the certificate of the IdP without having
+              to update every SP at that exact time. Instead, one can update
+              the SPs with the new fingerprint, and only update the certificate
+              after every SP is updated.</para>
+
               <para>See <xref linkend="a.fingerprint" /> for an example of how
               to calculate the fingerprint with the <literal>openssl</literal>
               tool.</para>
@@ -783,13 +790,20 @@
           <glossterm>certFingerprint</glossterm>
 
           <glossdef>
-            <para>The <literal>md5</literal> checksum of the certificate used
+            <para>The <literal>sha</literal> checksum of the certificate used
             by the IdP. If you don't know how to compute this, you can leave
             it as it is, and then you'll get an error message the first time
             you try to login. In this error message you are told what is the
             fingerprint of the IdP certificiate, which you may copy to this
             metadata parameter.</para>
 
+            <para>It is also possible to add an array of valid fingerprints,
+            where any fingerprints in that array is accepted as valid. This
+            can be used to update the certificate of the IdP without having to
+            update every SP at that exact time. Instead, one can update the
+            SPs with the new fingerprint, and only update the certificate
+            after every SP is updated.</para>
+
             <para>See <xref linkend="a.fingerprint" /> for an example of how
             to calculate the fingerprint with the openssl tool.</para>
           </glossdef>