
Commit 1c88105

Merge pull request #109840 from TimShererWithAquent/us1679050cp
Change SSL to TLS per 1679050
2 parents 850b6b7 + 6c1cf3a commit 1c88105

9 files changed: +31 -31 lines changed

articles/frontdoor/front-door-custom-domain-https.md

Lines changed: 6 additions & 6 deletions
@@ -34,7 +34,7 @@ In this tutorial, you learn how to:
3434
> [!div class="checklist"]
3535
> - Enable the HTTPS protocol on your custom domain.
3636
> - Use an AFD-managed certificate
37-
> - Use your own certificate, that is, a custom SSL certificate
37+
> - Use your own certificate, that is, a custom TLS/SSL certificate
3838
> - Validate the domain
3939
> - Disable the HTTPS protocol on your custom domain
4040
@@ -45,9 +45,9 @@ In this tutorial, you learn how to:
4545

4646
Before you can complete the steps in this tutorial, you must first create a Front Door and with at least one custom domain onboarded. For more information, see [Tutorial: Add a custom domain to your Front Door](front-door-custom-domain.md).
4747

48-
## SSL certificates
48+
## TLS/SSL certificates
4949

50-
To enable the HTTPS protocol for securely delivering content on a Front Door custom domain, you must use an SSL certificate. You can choose to use a certificate that is managed by Azure Front Door or use your own certificate.
50+
To enable the HTTPS protocol for securely delivering content on a Front Door custom domain, you must use a TLS/SSL certificate. You can choose to use a certificate that is managed by Azure Front Door or use your own certificate.
5151

5252

5353
### Option 1 (default): Use a certificate managed by Front Door
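Review bot: renaming the heading at line 48 from `## SSL certificates` to `## TLS/SSL certificates` also changes its generated anchor (`#ssl-certificates` becomes something like `#tlsssl-certificates`), so any link to `front-door-custom-domain-https.md#ssl-certificates` elsewhere in the repo will stop resolving; please grep for the old anchor and update those links in this PR. The wording change at line 50 is fine.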
@@ -69,7 +69,7 @@ To enable HTTPS on a custom domain, follow these steps:
6969

7070
### Option 2: Use your own certificate
7171

72-
You can use your own certificate to enable the HTTPS feature. This process is done through an integration with Azure Key Vault, which allows you to store your certificates securely. Azure Front Door uses this secure mechanism to get your certificate and it requires a few additional steps. When you create your SSL certificate, you must create it with an allowed certificate authority (CA). Otherwise, if you use a non-allowed CA, your request will be rejected. For a list of allowed CAs, see [Allowed certificate authorities for enabling custom HTTPS on Azure Front Door](front-door-troubleshoot-allowed-ca.md).
72+
You can use your own certificate to enable the HTTPS feature. This process is done through an integration with Azure Key Vault, which allows you to store your certificates securely. Azure Front Door uses this secure mechanism to get your certificate and it requires a few additional steps. When you create your TLS/SSL certificate, you must create it with an allowed certificate authority (CA). Otherwise, if you use a non-allowed CA, your request will be rejected. For a list of allowed CAs, see [Allowed certificate authorities for enabling custom HTTPS on Azure Front Door](front-door-troubleshoot-allowed-ca.md).
7373

7474
#### Prepare your Azure Key vault account and certificate
7575

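Review bot: at line 72 the pair "you must create it with an allowed certificate authority (CA). Otherwise, if you use a non-allowed CA, your request will be rejected." says the same thing twice; since the line is being touched anyway, "Otherwise, your request will be rejected." is enough. The SSL to TLS/SSL change itself is fine.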
@@ -81,7 +81,7 @@ You can use your own certificate to enable the HTTPS feature. This process is do
8181
2. Azure Key Vault certificates: If you already have a certificate, you can upload it directly to your Azure Key Vault account or you can create a new certificate directly through Azure Key Vault from one of the partner CAs that Azure Key Vault integrates with. Upload your certificate as a **certificate** object, rather than a **secret**.
8282

8383
> [!NOTE]
84-
> For your own SSL certificate, Front Door doesn't support certificates with EC cryptography algorithms.
84+
> For your own TLS/SSL certificate, Front Door doesn't support certificates with EC cryptography algorithms.
8585
8686
#### Register Azure Front Door
8787

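Review bot: "certificates with EC cryptography algorithms" at line 84 is imprecise; EC is the key type, so "certificates with elliptic curve (EC) keys" states the limitation more accurately while the line is being edited.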
@@ -257,7 +257,7 @@ The following table shows the operation progress that occurs when you disable HT
257257

258258
4. *Is using a SAN certificate less secure than a dedicated certificate?*
259259

260-
A SAN certificate follows the same encryption and security standards as a dedicated certificate. All issued SSL certificates use SHA-256 for enhanced server security.
260+
A SAN certificate follows the same encryption and security standards as a dedicated certificate. All issued TLS/SSL certificates use SHA-256 for enhanced server security.
261261

262262
5. *Do I need a Certificate Authority Authorization record with my DNS provider?*
263263

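Review bot: "All issued TLS/SSL certificates use SHA-256 for enhanced server security" at line 260 is vague about what SHA-256 is used for; it is the certificate's signature hash, so "are signed with SHA-256" is the precise statement and "for enhanced server security" can be dropped.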
articles/frontdoor/front-door-faq.md

Lines changed: 11 additions & 11 deletions
@@ -29,7 +29,7 @@ Azure Front Door is an Application Delivery Network (ADN) as a service, offering
2929

3030
### What features does Azure Front Door support?
3131

32-
Azure Front Door supports dynamic site acceleration (DSA), SSL offloading and end to end SSL, Web Application Firewall, cookie-based session affinity, url path-based routing, free certificates and multiple domain management, and others. For a full list of supported features, see [Overview of Azure Front Door](front-door-overview.md).
32+
Azure Front Door supports dynamic site acceleration (DSA), TLS/SSL offloading and end to end TLS, Web Application Firewall, cookie-based session affinity, url path-based routing, free certificates and multiple domain management, and others. For a full list of supported features, see [Overview of Azure Front Door](front-door-overview.md).
3333

3434
### What is the difference between Azure Front Door and Azure Application Gateway?
3535

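Review bot: line 32 now mixes two forms in one sentence, "TLS/SSL offloading" and "end to end TLS"; pick one form for the protocol name across the PR (the other files use "TLS/SSL" for certificates and plain "TLS" for the protocol, which would give "TLS offloading and end-to-end TLS" here). Also "url path-based routing" should be "URL path-based routing", and "end to end" should be hyphenated as a compound modifier.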
@@ -41,7 +41,7 @@ The key scenarios why one should use Application Gateway behind Front Door are:
4141

4242
- Front Door can perform path-based load balancing only at the global level but if one wants to load balance traffic even further within their virtual network (VNET) then they should use Application Gateway.
4343
- Since Front Door doesn't work at a VM/container level, so it cannot do Connection Draining. However, Application Gateway allows you to do Connection Draining.
44-
- With an Application Gateway behind AFD, one can achieve 100% SSL offload and route only HTTP requests within their virtual network (VNET).
44+
- With an Application Gateway behind AFD, one can achieve 100% TLS/SSL offload and route only HTTP requests within their virtual network (VNET).
4545
- Front Door and Application Gateway both support session affinity. While Front Door can direct subsequent traffic from a user session to the same cluster or backend in a given region, Application Gateway can direct affinitize the traffic to the same server within the cluster.
4646

4747
### Can we deploy Azure Load Balancer behind Front Door?
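Review bot: the changed line 44 is fine, but the unchanged context lines around it have grammar problems worth folding in: line 43 "Since Front Door doesn't work at a VM/container level, so it cannot do Connection Draining" has a redundant "so", and line 45 "Application Gateway can direct affinitize the traffic" should read "can affinitize the traffic".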
@@ -113,7 +113,7 @@ Learn more about the [Front Door supported HTTP headers](front-door-http-headers
113113

114114
A new Front Door creation or any updates to an existing Front Door takes about 3 to 5 minutes for global deployment. That means in about 3 to 5 minutes, your Front Door configuration will be deployed across all of our POPs globally.
115115

116-
Note - Custom SSL certificate updates take about 30 minutes to be deployed globally.
116+
Note - Custom TLS/SSL certificate updates take about 30 minutes to be deployed globally.
117117

118118
Any updates to routes or backend pools etc. are seamless and will cause zero downtime (if the new configuration is correct). Certificate updates are also atomic and will not cause any outage, unless switching from 'AFD Managed' to 'Use your own cert' or vice versa.
119119

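Review bot: "Note - Custom TLS/SSL certificate updates take about 30 minutes to be deployed globally." at line 116 is a hand-written note; this repo uses the `> [!NOTE]` callout for this (see the changes to front-door-custom-domain-https.md in this same PR), so convert it while the line is being edited.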
@@ -134,7 +134,7 @@ Learn about all the documented [timeouts and limits for Azure Front Door](https:
134134

135135
Azure Front Door is a globally distributed multi-tenant platform with huge volumes of capacity to cater to your application's scalability needs. Delivered from the edge of Microsoft's global network, Front Door provides global load-balancing capability that allows you to fail over your entire application or even individual microservices across regions or different clouds.
136136

137-
## SSL configuration
137+
## TLS configuration
138138

139139
### What TLS versions are supported by Azure Front Door?
140140

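Review bot: the heading at line 137 becomes `## TLS configuration` while front-door-custom-domain-https.md in this same PR gets `## TLS/SSL certificates`; the split (protocol = TLS, certificate = TLS/SSL) is defensible but should be stated in the PR description so later edits follow it. As with the other renamed heading, the anchor `#ssl-configuration` changes, so check for links that target it.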
@@ -145,12 +145,12 @@ Front Door supports TLS versions 1.0, 1.1 and 1.2. TLS 1.3 is not yet supported.
145145
### What certificates are supported on Azure Front Door?
146146

147147
To enable the HTTPS protocol for securely delivering content on a Front Door custom domain, you can choose to use a certificate that is managed by Azure Front Door or use your own certificate.
148-
The Front Door managed option provisions a standard SSL certificate via Digicert and stored in Front Door's Key Vault. If you choose to use your own certificate, then you can onboard a certificate from a supported CA and can be a standard SSL, extended validation certificate, or even a wildcard certificate. Self-signed certificates are not supported. Learn [how to enable HTTPS for a custom domain](https://aka.ms/FrontDoorCustomDomainHTTPS).
148+
The Front Door managed option provisions a standard TLS/SSL certificate via Digicert and stored in Front Door's Key Vault. If you choose to use your own certificate, then you can onboard a certificate from a supported CA and can be a standard TLS, extended validation certificate, or even a wildcard certificate. Self-signed certificates are not supported. Learn [how to enable HTTPS for a custom domain](https://aka.ms/FrontDoorCustomDomainHTTPS).
149149

150150
### Does Front Door support autorotation of certificates?
151151

152152
For the Front Door managed certificate option, the certificates are autorotated by Front Door. If you are using a Front Door managed certificate and see that the certificate expiry date is less than 60 days away, file a support ticket.
153-
</br>For your own custom SSL certificate, autorotation isn't supported. Similar to how it was set up the first time for a given custom domain, you will need to point Front Door to the right certificate version in your Key Vault and ensure that the service principal for Front Door still has access to the Key Vault. This updated certificate rollout operation by Front Door is atomic and doesn't cause any production impact provided the subject name or SAN for the certificate doesn't change.
153+
</br>For your own custom TLS/SSL certificate, autorotation isn't supported. Similar to how it was set up the first time for a given custom domain, you will need to point Front Door to the right certificate version in your Key Vault and ensure that the service principal for Front Door still has access to the Key Vault. This updated certificate rollout operation by Front Door is atomic and doesn't cause any production impact provided the subject name or SAN for the certificate doesn't change.
154154

155155
### What are the current cipher suites supported by Azure Front Door?
156156

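Review bot: line 148 is internally inconsistent after the edit, with "a standard TLS/SSL certificate" in the first sentence but "a standard TLS, extended validation certificate" in the second; "standard TLS" is not a certificate type, so "can be a standard certificate, an extended validation certificate, or even a wildcard certificate" reads better. The same line has a dangling "and stored in Front Door's Key Vault" ("provisions ... and stores it in"). At line 153, `</br>` is not valid HTML; use `<br/>` or, better, a blank line to start a new paragraph.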
@@ -177,34 +177,34 @@ The following are the current cipher suites supported by Azure Front Door:
177177
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
178178
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
179179

180-
### Can I configure SSL policy to control SSL Protocol versions?
180+
### Can I configure TLS policy to control TLS Protocol versions?
181181

182182
You can configure a minimum TLS version in Azure Front Door in the custom domain HTTPS settings via Azure portal or the [Azure REST API](https://docs.microsoft.com/rest/api/frontdoorservice/frontdoor/frontdoors/createorupdate#minimumtlsversion). Currently, you can choose between 1.0 and 1.2.
183183

184184
### Can I configure Front Door to only support specific cipher suites?
185185

186-
No, configuring Front Door for specific cipher suites is not supported. However, you can get your own custom SSL certificate from your Certificate Authority (say Verisign, Entrust, or Digicert) and have specific cipher suites marked on the certificate when you have it generated.
186+
No, configuring Front Door for specific cipher suites is not supported. However, you can get your own custom TLS/SSL certificate from your Certificate Authority (say Verisign, Entrust, or Digicert) and have specific cipher suites marked on the certificate when you have it generated.
187187

188188
### Does Front Door support OCSP stapling?
189189

190190
Yes, OCSP stapling is supported by default by Front Door and no configuration is required.
191191

192192
### Does Azure Front Door also support re-encryption of traffic to the backend?
193193

194-
Yes, Azure Front Door supports SSL offload, and end to end SSL, which re-encrypts the traffic to the backend. In fact, since the connections to the backend happen over it's public IP, it is recommended that you configure your Front Door to use HTTPS as the forwarding protocol.
194+
Yes, Azure Front Door supports TLS/SSL offload, and end to end TLS, which re-encrypts the traffic to the backend. In fact, since the connections to the backend happen over it's public IP, it is recommended that you configure your Front Door to use HTTPS as the forwarding protocol.
195195

196196
### Does Front Door support self-signed certificates on the backend for HTTPS connection?
197197

198198
No, self-signed certificates are not supported on Front Door and the restriction applies to both:
199199

200200
1. **Backends**: You cannot use self-signed certificates when you are forwarding the traffic as HTTPS or HTTPS health probes or filling the cache for from origin for routing rules with caching enabled.
201-
2. **Frontend**: You cannot use self-signed certificates when using your own custom SSL certificate for enabling HTTPS on your custom domain.
201+
2. **Frontend**: You cannot use self-signed certificates when using your own custom TLS/SSL certificate for enabling HTTPS on your custom domain.
202202

203203
### Why is HTTPS traffic to my backend failing?
204204

205205
For having successful HTTPS connections to your backend whether for health probes or for forwarding requests, there could be two reasons why HTTPS traffic might fail:
206206

207-
1. **Certificate subject name mismatch**: For HTTPS connections, Front Door expects that your backend presents certificate from a valid CA with subject name(s) matching the backend hostname. As an example, if your backend hostname is set to `myapp-centralus.contosonews.net` and the certificate that your backend presents during the SSL handshake neither has `myapp-centralus.contosonews.net` nor `*myapp-centralus*.contosonews.net` in the subject name, the Front Door will refuse the connection and result in an error.
207+
1. **Certificate subject name mismatch**: For HTTPS connections, Front Door expects that your backend presents certificate from a valid CA with subject name(s) matching the backend hostname. As an example, if your backend hostname is set to `myapp-centralus.contosonews.net` and the certificate that your backend presents during the TLS handshake neither has `myapp-centralus.contosonews.net` nor `*myapp-centralus*.contosonews.net` in the subject name, the Front Door will refuse the connection and result in an error.
208208
1. **Solution**: While it is not recommended from a compliance standpoint, you can workaround this error by disabling certificate subject name check for your Front Door. This is present under Settings in Azure portal and under BackendPoolsSettings in the API.
209209
2. **Backend hosting certificate from invalid CA**: Only certificates from [valid CAs](/azure/frontdoor/front-door-troubleshoot-allowed-ca) can be used at the backend with Front Door. Certificates from internal CAs or self-signed certificates are not allowed.
210210

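Review bot: "over it's public IP" at line 194 should be "its". At line 186, "have specific cipher suites marked on the certificate when you have it generated" is misleading: a certificate does not list cipher suites; only the key type (RSA or EC) constrains which of the supported suites can be negotiated, so either reword along those lines or drop the sentence. Smaller points in the changed lines: "TLS Protocol versions" at line 180 should be lowercase "protocol"; "end to end TLS" at line 194 has the same mixed-form issue as line 32; and line 207 "presents certificate from" needs "a certificate", while "the Front Door will refuse" should drop "the".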
articles/frontdoor/front-door-how-to-onboard-apex-domain.md

Lines changed: 2 additions & 2 deletions
@@ -21,7 +21,7 @@ Mapping your apex or root domain to your Front Door profile basically requires C
2121
> [!NOTE]
2222
> There are other DNS providers as well that support CNAME flattening or DNS chasing, however, Azure Front Door recommends using Azure DNS for its customers for hosting their domains.
2323
24-
You can use the Azure portal to onboard an apex domain on your Front Door and enable HTTPS on it by associating it with a certificate for SSL termination. Apex domains are also referred as root or naked domains.
24+
You can use the Azure portal to onboard an apex domain on your Front Door and enable HTTPS on it by associating it with a certificate for TLS termination. Apex domains are also referred as root or naked domains.
2525

2626
In this article, you learn how to:
2727

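Review bot: "Apex domains are also referred as root or naked domains" at line 24 is missing "to" ("referred to as"); fix it while the line is being changed. "certificate for TLS termination" is the right form.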
@@ -60,7 +60,7 @@ In this article, you learn how to:
6060
2. Select the **Certificate management type** to _'Use my own certificate'_.
6161

6262
> [!WARNING]
63-
> Front Door managed certificate management type is not currently supported for apex or root domains. The only option available for enabling HTTPS on an apex or root domain for Front Door is using your own custom SSL certificate hosted on Azure Key Vault.
63+
> Front Door managed certificate management type is not currently supported for apex or root domains. The only option available for enabling HTTPS on an apex or root domain for Front Door is using your own custom TLS/SSL certificate hosted on Azure Key Vault.
6464
6565
3. Ensure that you have setup the right permissions for Front Door to access your key Vault as noted in the UI, before proceeding to the next step.
6666
4. Choose a **Key Vault account** from your current subscription and then select the appropriate **Secret** and **Secret version** to map to the right certificate.
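Review bot: the warning text at line 63 is fine; the context line 65 "Ensure that you have setup the right permissions for Front Door to access your key Vault" should read "set up" and "Key Vault" (capitalized as on line 66), worth folding into this PR since the file is already being touched.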

articles/frontdoor/front-door-how-to-redirect-https.md

Lines changed: 3 additions & 3 deletions
@@ -11,13 +11,13 @@ ms.author: sharadag
1111
---
1212
# Create a Front Door with HTTP to HTTPS redirection using the Azure portal
1313

14-
You can use the Azure portal to create a [Front Door](front-door-overview.md) with a certificate for SSL termination. A routing rule is used to redirect HTTP traffic to HTTPS.
14+
You can use the Azure portal to create a [Front Door](front-door-overview.md) with a certificate for TLS termination. A routing rule is used to redirect HTTP traffic to HTTPS.
1515

1616
In this article, you learn how to:
1717

1818
> [!div class="checklist"]
1919
> * Create a Front Door with an existing Web App resource
20-
> * Add a custom domain with SSL certificate
20+
> * Add a custom domain with TLS/SSL certificate
2121
> * Setup HTTPS redirect on the custom domain
2222
2323
If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
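Review bot: the checklist item at line 20, "Add a custom domain with TLS/SSL certificate", is missing the article ("with a TLS/SSL certificate"); the next item "Setup HTTPS redirect" at line 21 should be "Set up" (verb).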
@@ -83,7 +83,7 @@ After you add the CNAME, the DNS records page looks like the following example:
8383
### Enable HTTPS on your custom domain
8484

8585
1. Click on the custom domain that was added and under the section **Custom domain HTTPS**, change the status to **Enabled**.
86-
2. You can leave the **Certificate management type** set to _Front Door managed_ for the free certificate maintained, managed, and autorotated by Front Door. You can also choose to use your own custom SSL certificate stored with Azure Key Vault. This tutorial assumes that the use of Front Door managed certificate.
86+
2. You can leave the **Certificate management type** set to _Front Door managed_ for the free certificate maintained, managed, and autorotated by Front Door. You can also choose to use your own custom TLS/SSL certificate stored with Azure Key Vault. This tutorial assumes that the use of Front Door managed certificate.
8787
![Enabling HTTPS for custom domain](./media/front-door-url-redirect/front-door-custom-domain-https.png)
8888

8989
3. Click on **Update** to save the selection and then click **Save**.
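Review bot: the last sentence at line 86, "This tutorial assumes that the use of Front Door managed certificate", is ungrammatical; since the line is edited anyway, make it "This tutorial assumes the use of a Front Door managed certificate."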
