Fix TFE_REDIS_USE_MTLS heading. Add example for TFE_OBJECT_STORAGE_S3_ENDPOINT

content/terraform-enterprise/1.0.x/docs/enterprise/deploy/prepare-host.mdx

@@ -116,34 +116,39 @@ If your certificate files are from Let’s Encrypt, the file names map to the fo
 
 If you do not have a certificate, you can generate a self-signed certificate. 
 
-The following example uses the `openssl` command to generate an RSA key and certificate for `MyOrganization`. Specify details about your organization in the `-subj` flag or omit and enter them when prompted. Refer to the [OpenSSL documentation](https://docs.openssl.org/master/man1/openssl-req/) for information about forming the command. The `-nodes` option is required because Terraform Enterprise cannot use a private key that is protected by a passphrase.
+The following example uses the `openssl` command to generate an RSA key and certificate for an organization with name `MyOrganization`.  The `-nodes` option is required because Terraform Enterprise cannot use a private key that is protected by a passphrase. Specify details about your organization in the `-subj` flag. Refer to the [OpenSSL documentation](https://docs.openssl.org/master/man1/openssl-req/) for information about forming the command. 
+
+The example is making use of environment variables to keep the self-signed certificate generation a simple one line command.
+
+|Environment variable overview||
+| --- |--- |
+|`CERT_CN`|Common Name (e.g. server FQDN or YOUR name) [], use your Terraform Enteprise FQDN here|
+|`CERT_COUNTRY`|Country Name (2 letter code) [AU]|
+|`CERT_STATE`|State or Province Name (full name) [Some-State]|
+|`CERT_LOCALITY`|Locality Name (eg, city)|
+|`CERT_ORGNAME`| Organization Name (eg, company) [Internet Widgits Pty Ltd]|
+|`CERT_ORGUNIT`|Organizational Unit Name (eg, section)|
+
+First export the details of `MyOrganization` as environment variables, replace the example values as required.
 
 ```shell-session
-openssl req -nodes -x509 -sha256 -newkey rsa:4096 \
- -keyout cert.key \
- -out cert.crt \
- -days 356 \
- -subj "/C=US/ST=CA/L=San Francisco/O=MyOrganization/OU=Global/CN=example.com" \
- -addext "subjectAltName=DNS:example.com"
+export CERT_CN="tfe.example.com"
+export CERT_COUNTRY="US"
+export CERT_STATE="California"
+export CERT_LOCALITY="San Francisco"
+export CERT_ORGNAME="MyOrganization"
+export CERT_ORGUNIT="Engineering"
 ```
 
-When generating the key, replace `<terraform.example.com>` with the Terraform Enterprise hostname:
+Then generate the self-signed certificate.
 
 ```shell-session
-You are about to be asked to enter information that will be incorporated
-into your certificate request.
-What you are about to enter is what is called a Distinguished Name or a DN.
-There are quite a few fields but you can leave some blank
-For some fields there will be a default value,
-If you enter '.', the field will be left blank.
------
-Country Name (2 letter code) [AU]:US
-State or Province Name (full name) [Some-State]:California
-Locality Name (eg, city) []:San Francisco
-Organization Name (eg, company) [Internet Widgits Pty Ltd]:HashiCorp, Inc.
-Organizational Unit Name (eg, section) []:Engineering
-Common Name (e.g. server FQDN or YOUR name) []:<terraform.example.com>
-Email Address []:
+openssl req -nodes -x509 -sha256 -newkey rsa:4096 \
+ -keyout cert.key \
+ -out cert.crt \
+ -days 356 \
+ -subj "/C=${CERT_COUNTRY}/ST=${CERT_STATE}/L=${CERT_LOCALITY}/O=${CERT_ORGNAME}/OU=${CERT_ORGUNIT}/CN=${CERT_CN}" \
+ -addext "subjectAltName=DNS:${CERT_CN}"
 ```
 
 Copy the `cert.pem` file to a new file named `bundle.pem`:

content/terraform-enterprise/1.0.x/docs/enterprise/deploy/reference/configuration.mdx

@@ -314,7 +314,7 @@ Must be `true` or `false`. `true` indicates Redis server is configured to use `T
 
 Must be `true` or `false`. `true` indicates to use TLS to access Redis. Defaults to `false`.
 
-## `TFE_REDIS_USE_MTLS`
+### `TFE_REDIS_USE_MTLS`
 
 Must be `true` or `false`. `true` indicates to use mutual TLS (mTLS) authentication for clients to access Redis with Redis standalone or Sentinel. Defaults to `false`. 
 
@@ -615,8 +615,12 @@ Required when `TFE_OBJECT_STORAGE_TYPE` is `s3`.
 
 #### `TFE_OBJECT_STORAGE_S3_ENDPOINT`
 
-S3 endpoint. Useful when using a private S3 endpoint. Leave blank to use the
-default AWS S3 endpoint. Defaults to `""`.
+S3 endpoint. Useful when using a private S3 endpoint.
+
+Example: `TFE_OBJECT_STORAGE_S3_ENDPOINT: https://s3.example.com`
+
+Leave blank to use the default AWS S3 endpoint. Defaults to `""`.
+
 
 #### `TFE_OBJECT_STORAGE_S3_REGION`
 

content/terraform-enterprise/v202507-1/docs/enterprise/deploy/reference/configuration.mdx

@@ -529,8 +529,11 @@ Required when `TFE_OBJECT_STORAGE_TYPE` is `s3`.
 
 #### `TFE_OBJECT_STORAGE_S3_ENDPOINT`
 
-S3 endpoint. Useful when using a private S3 endpoint. Leave blank to use the
-default AWS S3 endpoint. Defaults to `""`.
+S3 endpoint. Useful when using a private S3 endpoint. 
+
+Example: `TFE_OBJECT_STORAGE_S3_ENDPOINT: https://s3.example.com`
+
+Leave blank to use the default AWS S3 endpoint. Defaults to `""`.
 
 #### `TFE_OBJECT_STORAGE_S3_REGION`