diff --git a/doc/source/dist_cloud/kubernetes/enroll-a-factory-installed-nondc-standalone-system-as-a-s-87b2fbf81be3.rst b/doc/source/dist_cloud/kubernetes/enroll-a-factory-installed-nondc-standalone-system-as-a-s-87b2fbf81be3.rst index a3a8b5d1f..140087dd4 100644 --- a/doc/source/dist_cloud/kubernetes/enroll-a-factory-installed-nondc-standalone-system-as-a-s-87b2fbf81be3.rst +++ b/doc/source/dist_cloud/kubernetes/enroll-a-factory-installed-nondc-standalone-system-as-a-s-87b2fbf81be3.rst @@ -117,12 +117,12 @@ requirements must be met: - The subcloud platform networks should be configured with the expected IP family (IPv4 or IPv6) because the IP family of a subcloud cannot be updated. -- Same SSL_CA certs (system_local_ca_cert, system_local_ca_key, and - system_root_ca_cert) need to be installed on both the central cloud system - controllers and the factory-installed subclouds in ``localhost.yaml`` to - enable the |SSL| communication via |OAM| connection. Otherwise, the - enrollment will fail due to |SSL| failure while requesting subcloud's region - name (logs can be found in dcmanager.log). +- SSL_CA certs (system_local_ca_cert, system_local_ca_key, and + system_root_ca_cert) need to be installed on the factory installed subclouds + in ``localhost.yaml`` to enable the |SSL| communication via |OAM| connection during + enrollment. The system controller performing the subcloud enrollment needs to + have a trusted |CA| that can validate the server certificates used for the + factory installed systems. For more details, see :ref:`add-a-trusted-ca`. - Kubernetes RootCA certs need to be specified during the factory installation process in ``localhost.yaml``, otherwise, the kube-rootca endpoint will be
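Review bot: The rewritten SSL_CA bullet drops the troubleshooting detail the removed lines carried, namely that a certificate mismatch shows up as an |SSL| failure while requesting the subcloud's region name and that the logs are in dcmanager.log. The requirement itself is relaxed but the failure mode is presumably unchanged when the system controller cannot validate the subcloud's server certificate, so consider keeping a closing sentence such as "Otherwise, the enrollment will fail due to |SSL| failure while requesting subcloud's region name (logs can be found in dcmanager.log)." The new sentence about the system controller also says only "a trusted |CA| that can validate the server certificates" without saying which of the three listed values it corresponds to; naming it (for example, whether it is the system_root_ca_cert set on the subcloud) would make the requirement checkable before enrollment. Style: the added lines use "factory installed" while the file name and the removed text use "factory-installed"; keep the hyphenated form for consistency.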