diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
index b359fbff295..af5dbf8ee22 100644
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -2018,7 +2018,7 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
        </para>
        <para>
         The special value <literal>system</literal> may be specified instead, in
-        which case the system's trusted CA roots will be loaded. The exact
+        which case the trusted CA roots from the SSL implementation will be loaded. The exact
         locations of these root certificates differ by SSL implementation and
         platform. For <productname>OpenSSL</productname> in particular, the
         locations may be further modified by the <envar>SSL_CERT_DIR</envar>
diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml
index 59f39e89924..ec78092227a 100644
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -1994,7 +1994,7 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
    <literal>sslmode=verify-ca</literal> or
    <literal>verify-full</literal> and have the appropriate root certificate
    file installed (<xref linkend="libq-ssl-certificates"/>). Alternatively the
-   system CA pool can be used using <literal>sslrootcert=system</literal>; in
+   <link linkend="libpq-connect-sslrootcert">system CA pool</link>, as defined by the SSL implementation, can be used using <literal>sslrootcert=system</literal>; in
    this case, <literal>sslmode=verify-full</literal> is forced for safety, since
    it is generally trivial to obtain certificates which are signed by a public
    CA.