diff --git a/doc/source/backup/kubernetes/running-restore-playbook-locally-on-the-controller.rst b/doc/source/backup/kubernetes/running-restore-playbook-locally-on-the-controller.rst index a750c69e4..998e434fa 100644 --- a/doc/source/backup/kubernetes/running-restore-playbook-locally-on-the-controller.rst +++ b/doc/source/backup/kubernetes/running-restore-playbook-locally-on-the-controller.rst @@ -24,6 +24,12 @@ following commands to run the Ansible Restore playbook: ~(keystone_admin)]$ ansible-playbook /usr/share/ansible/stx-ansible/playbooks/restore_platform.yml -e "initial_backup_dir= admin_password= wipe_ceph_osds= ssl_ca_certificate_file=/" +.. note:: + If there are any expired ``ssl_ca`` certificates in the backup, the restore + (both, legacy and optimized) filters out the expired certificates and + restores only the valid ones. + + Below you can find other ``-e`` command line options: **Common** 
@@ -117,19 +123,15 @@ Below you can find other ``-e`` command line options: hardware. For more details, see :ref:`node-replacement-for-aiominussx-using-optimized-backup-and-restore-6603c650c80d`. -- ``ssl_ca_certificate_file`` defines a single certificate that - contains all the ssl_ca certificates that will be installed during the - restore. It will replace - ``/opt/platform/config//ca-cert.pem``, which is a - single file containing all the ssl_ca certificates installed in - the host when the backup was done. The certificate assigned to this - parameter must follow this same pattern. +- ``ssl_ca_certificate_file`` defines a single certificate or a bundle that + contains all the ``ssl_ca`` certificates that will be installed during the + restore. .. note:: - The ssl_ca certificates are not automatically renewed, you MUST renew + The ``ssl_ca`` certificates are not automatically renewed, you MUST renew the soon-to-expire certificates before the backup operation. The expired - ssl_ca certificates are not restored. + ``ssl_ca`` certificates are not restored. For more details, see :ref:`Recommended Backup and Retention Policies`. For example: @@ -142,6 +144,16 @@ Below you can find other ``-e`` command line options: -e "ssl_ca_certificate_file=/home/sysadmin/new_ca-cert.pem" + .. note:: + + In **legacy** restore, when this option is used, it replaces all + ``ssl_ca`` certificates in the backup {{ + with the one specified in ``ssl_ca_certificate_file``. + + In the **optimized** restore, when this option is used, it adds certificates + from ``ssl_ca_certificate_file`` to the existing ``ssl_ca`` certificates in + the backup” }}. + This parameter depends on ``on_box_data`` value. When ``on_box_data=true`` or not defined, ``ssl_ca_certificate_file`` diff --git a/doc/source/backup/kubernetes/system-backup-running-ansible-restore-playbook-remotely.rst b/doc/source/backup/kubernetes/system-backup-running-ansible-restore-playbook-remotely.rst index ab0c9d855..4d6abe79e 100644 
--- a/doc/source/backup/kubernetes/system-backup-running-ansible-restore-playbook-remotely.rst +++ b/doc/source/backup/kubernetes/system-backup-running-ansible-restore-playbook-remotely.rst @@ -142,13 +142,9 @@ In this method you can run Ansible Restore playbook and point to controller-0. scp: /tmp/.ansible-sysadmin/tmp/ansible-tmp-1687355968.13-696694507261/source: No space left on device - - ``ssl_ca_certificate_file`` defines a single certificate that - contains all the ssl_ca certificates that will be installed during the - restore. It will replace the - ``/opt/platform/config//ca-cert.pem``, which is a - single certificate containing all the ssl_ca certificates installed in - the host when backup was done. So, the certificate assigned to this - parameter must follow this same pattern. + - ``ssl_ca_certificate_file`` defines a single certificate or a bundle that + contains all the ``ssl_ca`` certificates that will be installed during the + restore. For example: @@ -160,6 +156,16 @@ In this method you can run Ansible Restore playbook and point to controller-0. -e "ssl_ca_certificate_file=/home/sysadmin/new_ca-cert.pem" + .. note:: + + In **legacy** restore, when this option is used, it replaces all + ``ssl_ca`` certificates in the backup {{ + with the one specified in ``ssl_ca_certificate_file``. + + In the **optimized** restore, when this option is used, it adds certificates + from ``ssl_ca_certificate_file`` to the existing ``ssl_ca`` certificates in + the backup” }}. + .. note:: If the backup contains patches, Ansible Restore playbook will apply
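Review bot: In the note added after the ``ansible-playbook`` command in running-restore-playbook-locally-on-the-controller.rst (hunk ``@@ -24,6 +24,12 @@``), "(both, legacy and optimized)" has a stray comma, and the note is followed by two blank lines where one is enough. Suggest "(both legacy and optimized)". Because expired ``ssl_ca`` certificates are filtered out without any operator action, the note should also say whether the playbook reports which certificates it skipped, so an operator can tell why a CA is missing after the restore.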
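Review bot: The reworded ``ssl_ca_certificate_file`` bullet in running-restore-playbook-locally-on-the-controller.rst (hunk ``@@ -117,19 +123,15 @@``) removes "The certificate assigned to this parameter must follow this same pattern" and puts nothing in its place, so the page no longer states what form the file has to take. Suggest adding the expected file format next to "a single certificate or a bundle". In the note that follows, "are not automatically renewed, you MUST renew" is a comma splice and reads better as two sentences.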
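Review bot: The note added in running-restore-playbook-locally-on-the-controller.rst (hunk ``@@ -142,6 +144,16 @@``) contains leftover markup: "in the backup {{" at the end of the legacy paragraph and "the backup” }}." at the end of the optimized paragraph, including a curly closing quote with no opening one. These will render literally; remove the ``{{``, ``}}`` and the quote. The two modes also differ in a way worth spelling out: legacy replaces the ``ssl_ca`` certificates from the backup, while optimized only adds to them, so in an optimized restore the CAs from the backup stay installed. Suggest stating that consequence explicitly.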
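Review bot: In system-backup-running-ansible-restore-playbook-remotely.rst (hunk ``@@ -142,13 +142,9 @@``) the ``ssl_ca_certificate_file`` bullet gets the same rewording as the local-run page, but this patch adds the note about expired ``ssl_ca`` certificates being filtered out only to the local-run page. The behaviour is described there as applying to both legacy and optimized restore, so the remote page should carry the same note or link to it. As on the local page, the removed "must follow this same pattern" requirement has no replacement describing the expected file format.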
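Review bot: In the note added in system-backup-running-ansible-restore-playbook-remotely.rst (hunk ``@@ -160,6 +156,16 @@``), "with the one specified in ``ssl_ca_certificate_file``" contradicts the bullet above it, which now allows "a single certificate or a bundle". Suggest "with the certificates specified in ``ssl_ca_certificate_file``". The stray ``{{`` after "in the backup" and the "” }}" after "the backup" are present here as well and should be removed.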