From 7b7af0227e87793bdf81ffc35e50a21c9ab372f1 Mon Sep 17 00:00:00 2001
From: Elisamara Aoki Goncalves <elisamaraaoki.goncalves@windriver.com>
Date: Fri, 7 Jan 2022 15:41:27 -0300
Subject: [PATCH] Note added in section Trusted CA certificate

Signed-off-by: Elisamara Aoki Goncalves <elisamaraaoki.goncalves@windriver.com>
Change-Id: Id0a986aa1aacc3f2936b44e43851f7017f2587a0
---
 .../security/kubernetes/add-a-trusted-ca.rst       | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/doc/source/security/kubernetes/add-a-trusted-ca.rst b/doc/source/security/kubernetes/add-a-trusted-ca.rst
index 68ab3995f..36775229e 100644
--- a/doc/source/security/kubernetes/add-a-trusted-ca.rst
+++ b/doc/source/security/kubernetes/add-a-trusted-ca.rst
@@ -108,6 +108,13 @@ For example:
     Error with cert number 3 in the file: certificate is not valid before 2021-08-13 14:00:21 nor after 2021-08-13 15:00:21
     Error with cert number 4 in the file: certificate is not valid before 2018-08-16 20:28:20 nor after 2021-06-05 20:28:20
 
+.. note::
+
+    Installing a new ``ssl_ca`` with ``system certificate-install -m ssl_ca``
+    or deleting an old ``ssl_ca`` with ``system certificate-uninstall`` must be
+    followed by locking and unlocking all controller nodes for the change to
+    take effect.
+
 .. _add-a-trusted-ca-section-phr-jw4-3mb:
 
 ---------------------------------------------
@@ -132,6 +139,13 @@ running the following command:
 
 where, <UUID> is the UUID of the ssl\_ca certtype to be removed.
 
+.. note::
+
+    Installing a new ``ssl_ca`` with ``system certificate-install -m ssl_ca``
+    or deleting an old ``ssl_ca`` with ``system certificate-uninstall`` must be
+    followed by locking and unlocking all controller nodes for the change to
+    take effect.
+
 -----------------------------------
 Update/Renew trusted CA certficates
 -----------------------------------