From 2a245a006cc7b92d35d2b4c2d0a43d23e1b2d711 Mon Sep 17 00:00:00 2001 From: Rachel Elledge Date: Wed, 16 Apr 2025 14:04:42 -0500 Subject: [PATCH 1/2] DOC-1574 RS: Added mtls_trusted_ca to certificates table --- content/operate/rs/security/certificates/_index.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/operate/rs/security/certificates/_index.md b/content/operate/rs/security/certificates/_index.md index f1deb1436..bc95d89e6 100644 --- a/content/operate/rs/security/certificates/_index.md +++ b/content/operate/rs/security/certificates/_index.md @@ -21,10 +21,11 @@ Here's the list of self-signed certificates that create secure, encrypted connec | `cm` | Secures connections to the Redis Enterprise Cluster Manager UI. | | `ldap_client` | Secures connections between LDAP clients and LDAP servers. | | `metrics_exporter` | Sends Redis Enterprise metrics to external [monitoring tools]({{< relref "/operate/rs/monitoring/" >}}) over a secure connection. | +| `mtls_trusted_ca` | Required to enable certificate-based authentication for secure, passwordless access to the REST API. | | `proxy` | Creates secure, encrypted connections between clients and databases. | | `syncer` | For [Active-Active]({{< relref "/operate/rs/databases/active-active/" >}}) or [Replica Of]({{< relref "/operate/rs/databases/import-export/replica-of/" >}}) databases, encrypts data during the synchronization of participating clusters. | -These self-signed certificates are generated on the first node of each Redis Enterprise Software installation and are copied to all other nodes added to the cluster. +These self-signed certificates, excluding `ldap_client` and `mtls_trusted_ca`, are generated on the first node of each Redis Enterprise Software installation and are copied to all other nodes added to the cluster. When you use the default self-signed certificates and you connect to the Cluster Manager UI over a web browser, you'll see an untrusted connection notification. 
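Review bot: in the certificates table hunk, the context line that introduces the table still reads "Here's the list of self-signed certificates", while the closing sentence now excludes `ldap_client` and `mtls_trusted_ca` from the generated set, so the intro mislabels two of the listed entries. Reword the intro (for example "Here's the list of certificates ...") or mark in the table which entries are generated. The new `mtls_trusted_ca` row also states only what the entry is required for; because it is excluded from generation, the row should say that the operator has to provide it and, as the name suggests, that it is the CA used to trust client certificates.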
From 5b9f0deb37f85f84d26f79e7e09e2123813e9b4f Mon Sep 17 00:00:00 2001 From: Rachel Elledge Date: Thu, 17 Apr 2025 12:19:13 -0500 Subject: [PATCH 2/2] DOC-1574 Feedback updates and copy edits for certificates overview --- .../rs/security/certificates/_index.md | 32 +++++++++++-------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/content/operate/rs/security/certificates/_index.md b/content/operate/rs/security/certificates/_index.md index bc95d89e6..a7e9c1731 100644 --- a/content/operate/rs/security/certificates/_index.md +++ b/content/operate/rs/security/certificates/_index.md 
@@ -11,22 +11,26 @@ linkTitle: Certificates weight: 60 --- -Redis Enterprise Software uses self-signed certificates by default to ensure that the product is secure. If using a self-signed certificate is not the right solution for you, you can import a certificate signed by a certificate authority of your choice. +Redis Enterprise Software uses self-signed certificates by default to ensure that the product is secure. These certificates are autogenerated on the first node of each Redis Enterprise Software installation and are copied to all other nodes added to the cluster. -Here's the list of self-signed certificates that create secure, encrypted connections to your Redis Enterprise cluster: +You can replace a self-signed certificate with one signed by a certificate authority of your choice. -| Certificate name | Description | -|------------------|-------------| -| `api` | Encrypts [REST API]({{< relref "/operate/rs/references/rest-api/" >}}) requests and responses. | -| `cm` | Secures connections to the Redis Enterprise Cluster Manager UI. | -| `ldap_client` | Secures connections between LDAP clients and LDAP servers. | -| `metrics_exporter` | Sends Redis Enterprise metrics to external [monitoring tools]({{< relref "/operate/rs/monitoring/" >}}) over a secure connection. | -| `mtls_trusted_ca` | Required to enable certificate-based authentication for secure, passwordless access to the REST API. | -| `proxy` | Creates secure, encrypted connections between clients and databases. | -| `syncer` | For [Active-Active]({{< relref "/operate/rs/databases/active-active/" >}}) or [Replica Of]({{< relref "/operate/rs/databases/import-export/replica-of/" >}}) databases, encrypts data during the synchronization of participating clusters. | +## Supported certificates -These self-signed certificates, excluding `ldap_client` and `mtls_trusted_ca`, are generated on the first node of each Redis Enterprise Software installation and are copied to all other nodes added to the cluster. 
+Here's the list of supported certificates that create secure, encrypted connections to your Redis Enterprise Software cluster: -When you use the default self-signed certificates and you connect to the Cluster Manager UI over a web browser, you'll see an untrusted connection notification. +| Certificate name | Autogenerated | Description | +|------------------|:---------------:|-------------| +| `api` | | Encrypts [REST API]({{< relref "/operate/rs/references/rest-api/" >}}) requests and responses. | +| `cm` | | Secures connections to the Redis Enterprise Cluster Manager UI. | +| `ldap_client` | :x: | Secures connections between LDAP clients and LDAP servers. | +| `metrics_exporter` | | Sends Redis Enterprise metrics to external [monitoring tools]({{< relref "/operate/rs/monitoring/" >}}) over a secure connection. | +| `mtls_trusted_ca` | :x: | Required to enable certificate-based authentication for secure, passwordless access to the REST API. | +| `proxy` | | Creates secure, encrypted connections between clients and databases. | +| `syncer` | | For [Active-Active]({{< relref "/operate/rs/databases/active-active/" >}}) or [Replica Of]({{< relref "/operate/rs/databases/import-export/replica-of/" >}}) databases, encrypts data during the synchronization of participating clusters. | -Depending on your browser, you can allow the connection for each session or add an exception to trust the certificate for all future sessions. \ No newline at end of file +Certificates that are not autogenerated are optional unless you want to use certain features. For example, you must provide your own `ldap_client` certificate to enable [LDAP authentication]({{}}) or an `mtls_trusted_ca` certificate to enable certificate-based authentication. + +## Accept self-signed certificates to access the Cluster Manager UI + +When you use the default self-signed certificates and you connect to the Cluster Manager UI over a web browser, you'll see an untrusted connection notification. 
Depending on your browser, you can allow the connection for each session or add an exception to trust the certificate for all future sessions. \ No newline at end of file
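Review bot: in the sentence added after the table, the LDAP link appears here as `[LDAP authentication]({{}})`, with no relref target, unlike the other links in the same hunk; confirm that the shortcode carries a path and resolves. In the new Autogenerated column, every row other than `ldap_client` and `mtls_trusted_ca` shows an empty cell, which reads as unknown rather than yes; use an explicit marker for both states. The opening paragraph now says "These certificates are autogenerated on the first node" without the exclusion that patch 1/2 introduced, so qualify it or point to the table. The file also still ends without a trailing newline.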