Suggestion from review

jlian · PatAltimore · web-flow · commit 2ed36f177252 · 2024-11-21T11:02:39.000-08:00
Co-authored-by: Pat Altimore &lt;17440249+PatAltimore@users.noreply.github.com&gt;
diff --git a/articles/iot-operations/manage-mqtt-broker/howto-configure-authentication.md b/articles/iot-operations/manage-mqtt-broker/howto-configure-authentication.md
@@ -606,7 +606,7 @@ To get a TLS-enabled listener port, see [Enable TLS manual certificate managemen
 > - **Client validation**: The MQTT broker (server) checks the client certificate against the trusted CA certificate specified in the `trustedClientCaCert` field for X.509 client authentication.
 > - **Server validation**: Clients (like mosquitto or MQTTX) check the MQTT broker's server certificate against the trusted CA certificate in their trust store. For mosquitto clients, use the `--cafile` parameter to specify the CA certificate file. For MQTTX, add the CA certificate to the trust store in the settings.
 >
-> So, after enabling X.509 authentication, ensure that clients trust the broker's server certificate by having the *server-side* CA certificate in their trust store. Don't confuse this with the *client-side* CA certificate used for client authentication, which is specified in the `trustedClientCaCert` field.
+> After enabling X.509 authentication, ensure that clients trust the broker's server certificate by having the *server-side* CA certificate in their trust store. Don't confuse trusting the *server-side* CA certificate with the *client-side* CA certificate used for client authentication that is specified in the `trustedClientCaCert` field.
 >
 > For a full example, see [Tutorial: TLS, X.509 client authentication, and attribute-based access control (ABAC) authorization](./tutorial-tls-and-x509.md).
 

Original file line number	Diff line number	Diff line change
`@@ -606,7 +606,7 @@ To get a TLS-enabled listener port, see [Enable TLS manual certificate managemen`
`606`	`606`	> - Client validation: The MQTT broker (server) checks the client certificate against the trusted CA certificate specified in the `trustedClientCaCert` field for X.509 client authentication.
`607`	`607`	> - Server validation: Clients (like mosquitto or MQTTX) check the MQTT broker's server certificate against the trusted CA certificate in their trust store. For mosquitto clients, use the `--cafile` parameter to specify the CA certificate file. For MQTTX, add the CA certificate to the trust store in the settings.
`608`	`608`	`>`
`609`		-> So, after enabling X.509 authentication, ensure that clients trust the broker's server certificate by having the server-side CA certificate in their trust store. Don't confuse this with the client-side CA certificate used for client authentication, which is specified in the `trustedClientCaCert` field.
	`609`	+> After enabling X.509 authentication, ensure that clients trust the broker's server certificate by having the server-side CA certificate in their trust store. Don't confuse trusting the server-side CA certificate with the client-side CA certificate used for client authentication that is specified in the `trustedClientCaCert` field.
`610`	`610`	`>`
`611`	`611`	`> For a full example, see [Tutorial: TLS, X.509 client authentication, and attribute-based access control (ABAC) authorization](./tutorial-tls-and-x509.md).`
`612`	`612`