feedback

Author: Shereen-Bhar

articles/defender-for-iot/organizations/how-to-deploy-certificates.md

@@ -16,7 +16,7 @@ This article describes how to create and deploy SSL/TLS certificates on OT netwo
 
 You can deploy SSL/TLS certificates during initial configuration as well as later on.
 
-Certificates are validated against the certificate expiration date and against a passphrase, if available. Invalid certificates can't be uploaded to OT sensors or on-premises management consoles, and will block encrypted communication between Defender for IoT components.
+Defender for IoT validates certificates against the certificate expiration date and against a passphrase, if one is defined. Validations against a Certificate Revocation List (CRL) and the certificate trust chain are available as well, though not mandatory. Invalid certificates can't be uploaded to OT sensors or on-premises management consoles, and will block encrypted communication between Defender for IoT components.
 
 Each certificate authority (CA)-signed certificate must have both a `.key` file and a `.crt` file, which are uploaded to OT network sensors and on-premises management consoles after the first sign-in. While some organizations may also require a `.pem` file, a `.pem` file isn't required for Defender for IoT.