From 87f28a1c2be4973a340eac4d9233ea37deaef31e Mon Sep 17 00:00:00 2001
From: Jonathan Rosser <jonathan.rosser@rd.bbc.co.uk>
Date: Thu, 27 Jan 2022 22:19:37 +0000
Subject: [PATCH] Clarify the difference between generating and regenerating
 certificates

Change-Id: Ia0e846fe7807334f436f71c8d7da06d2625872fd
---
 doc/source/user/security/ssl-certificates.rst | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/doc/source/user/security/ssl-certificates.rst b/doc/source/user/security/ssl-certificates.rst
index 4ff69fc080..58a0928fb7 100644
--- a/doc/source/user/security/ssl-certificates.rst
+++ b/doc/source/user/security/ssl-certificates.rst
@@ -72,7 +72,7 @@ Generating and regenerating self-signed certificates
 Self-signed certificates are generated for each service during the first
 run of the playbook.
 
-To generate a new self-signed certificate for a service, you must set
+To regenerate a new self-signed certificate for a service, you must set
 the ``<servicename>_pki_regen_cert`` variable to true in one of the
 following ways:
 
@@ -102,7 +102,7 @@ outside of Openstack ansible. These user certificates are signed by the same
 self-signed certificate authority as is used by openstack services
 but are intended to be used by user applications.
 
-To create user certificates, define a variable with the prefix
+To generate user certificates, define a variable with the prefix
 ``user_pki_certificates_`` in the ``/etc/openstack_deploy/user_variables.yml``
 file.
 
@@ -122,7 +122,13 @@ Example
         extended_key_usage:
           - serverAuth
 
-To generate a new self-signed certificate for a service, you must set
+Generate the certificate with the following command:
+
+.. code-block:: shell-session
+
+   # openstack-ansible certificate-generate.yml
+
+To regenerate a new self-signed certificate for a service, you must set
 the ``user_pki_regen_cert`` variable to true in one of the
 following ways: