spring-projects · jzheaux · May 1, 2025 · Apr 28, 2025
diff --git a/docs/modules/ROOT/pages/servlet/authentication/x509.adoc b/docs/modules/ROOT/pages/servlet/authentication/x509.adoc
@@ -8,14 +8,12 @@ The browser automatically checks that the certificate presented by a server has
 You can also use SSL with "`mutual authentication`". The server then requests a valid certificate from the client as part of the SSL handshake.
 The server authenticates the client by checking that its certificate is signed by an acceptable authority.
 If a valid certificate has been provided, it can be obtained through the servlet API in an application.
-The Spring Security X.509 module extracts the certificate by using a filter.
-It maps the certificate to an application user and loads that user's set of granted authorities for use with the standard Spring Security infrastructure.
-
-You can also use SSL with "`mutual authentication`". The server then requests a valid certificate from the client as part of the SSL handshake.
-The server authenticates the client by checking that its certificate is signed by an acceptable authority.
 For example, if you use Tomcat, you should read the https://tomcat.apache.org/tomcat-10.1-doc/ssl-howto.html[Tomcat SSL instructions].
 You should get this working before trying it out with Spring Security.
 
+The Spring Security X.509 module extracts the certificate by using a filter.
+It maps the certificate to an application user and loads that user's set of granted authorities for use with the standard Spring Security infrastructure.
+
 
 == Adding X.509 Authentication to Your Web Application
 Enabling X.509 client authentication is very straightforward.