diff --git a/docs/testsite.rst b/docs/testsite.rst
index 1f87bd8fd1d648ddba4cc1c0b85cdc513b620e9d..9dcbb064a99f0728400a178a52ab8c2218d31c94 100644
--- a/docs/testsite.rst
+++ b/docs/testsite.rst
@@ -93,7 +93,7 @@ In order to deploy the test site, the following steps would normally be taken:
      be ``web.example.com``)
    - ``testsite/tls/web.example.com_https.pem`` (subject alternative name should
      be ``web.example.com``)
-   - ``testsite/tls/phpinffo.example.com_https.pem`` (subject alternative name
+   - ``testsite/tls/phpinfo.example.com_https.pem`` (subject alternative name
      should be ``phpinfo.example.com``)
    - ``testsite/tls/wsgi.example.com_https.pem`` (subject alternative name
      should be ``wsgi.example.com``)
diff --git a/testsite/tls/templates/ldap.example.com_ldap.cfg b/testsite/tls/templates/ldap.example.com_ldap.cfg
index af86c584fb19cc7dd96f2ea847f8202a9d752ecc..6dc4d541020235416c638ec920444d60c975d5b5 100644
--- a/testsite/tls/templates/ldap.example.com_ldap.cfg
+++ b/testsite/tls/templates/ldap.example.com_ldap.cfg
@@ -25,3 +25,8 @@ tls_www_server
 # Whether this certificate will be used to sign data (needed
 # in TLS DHE ciphersuites).
 signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+encryption_key
diff --git a/testsite/tls/templates/mail.example.com_smtp.cfg b/testsite/tls/templates/mail.example.com_smtp.cfg
index 5910ad13a5a88ef1383f89721d58913e38309a43..4a32651b000f27e57878864024f919da0cae09c2 100644
--- a/testsite/tls/templates/mail.example.com_smtp.cfg
+++ b/testsite/tls/templates/mail.example.com_smtp.cfg
@@ -25,3 +25,8 @@ tls_www_server
 # Whether this certificate will be used to sign data (needed
 # in TLS DHE ciphersuites).
 signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+encryption_key
diff --git a/testsite/tls/templates/phpinfo.example.com_https.cfg b/testsite/tls/templates/phpinfo.example.com_https.cfg
index 6815c7a1d1ae1432b000fd4c91587fb6fe4e040c..269d4850252c45804165f54b7e39641bbdcba6c9 100644
--- a/testsite/tls/templates/phpinfo.example.com_https.cfg
+++ b/testsite/tls/templates/phpinfo.example.com_https.cfg
@@ -25,3 +25,8 @@ tls_www_server
 # Whether this certificate will be used to sign data (needed
 # in TLS DHE ciphersuites).
 signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+encryption_key
diff --git a/testsite/tls/templates/web.example.com_https.cfg b/testsite/tls/templates/web.example.com_https.cfg
index 823765f8fb76b12e8a508b9536a760f8397e61ff..a422b6e124ec1f93e725c8a75c12c79599af6966 100644
--- a/testsite/tls/templates/web.example.com_https.cfg
+++ b/testsite/tls/templates/web.example.com_https.cfg
@@ -25,3 +25,8 @@ tls_www_server
 # Whether this certificate will be used to sign data (needed
 # in TLS DHE ciphersuites).
 signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+encryption_key
diff --git a/testsite/tls/templates/wsgi.example.com_https.cfg b/testsite/tls/templates/wsgi.example.com_https.cfg
index e15e9e21e4723527b912b46cb712e6069cd9883c..442aa3e400ff278f2205d90b493d8d518b7b8b9b 100644
--- a/testsite/tls/templates/wsgi.example.com_https.cfg
+++ b/testsite/tls/templates/wsgi.example.com_https.cfg
@@ -25,3 +25,8 @@ tls_www_server
 # Whether this certificate will be used to sign data (needed
 # in TLS DHE ciphersuites).
 signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+encryption_key
diff --git a/testsite/tls/templates/xmpp.example.com_xmpp.cfg b/testsite/tls/templates/xmpp.example.com_xmpp.cfg
index ad7b4ed3a372cba044dc66a03899fbbafc527812..d35b85b0c6f54d4629aad9a456cda9cbd786f738 100644
--- a/testsite/tls/templates/xmpp.example.com_xmpp.cfg
+++ b/testsite/tls/templates/xmpp.example.com_xmpp.cfg
@@ -25,3 +25,8 @@ tls_www_server
 # Whether this certificate will be used to sign data (needed
 # in TLS DHE ciphersuites).
 signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+encryption_key