Add connect from other namespace

Author: PatAltimore

articles/iot-operations/manage-mqtt-broker/howto-configure-tls-auto.md

@@ -7,7 +7,7 @@ ms.subservice: azure-mqtt-broker
 ms.topic: how-to
 ms.custom:
   - ignite-2023
-ms.date: 08/03/2024
+ms.date: 08/13/2024
 
 #CustomerIntent: As an operator, I want to configure MQTT broker to use TLS so that I have secure communication between the MQTT broker and client.
 ---
@@ -228,6 +228,8 @@ renewBefore: 240h
 san:
   dns:
   - iotmq.example.com
+  # To connect to the broker from a different namespace, add the following DNS name:
+  - aio-mq-dmqtt-frontend.azure-iot-operations.svc.cluster.local
   ip:
   - 192.168.1.1
 ```

articles/iot-operations/manage-mqtt-broker/howto-test-connection.md

@@ -135,6 +135,8 @@ kubectl get configmap aio-ca-trust-bundle-test-only -n azure-iot-operations -o j
 
 Use the downloaded `ca.crt` file to configure your client to trust the broker's TLS certificate chain.
 
+If you are connecting to the broker from a different namespace, you must use the full service hostname `aio-mq-dmqtt-frontend.azure-iot-operations.svc.cluster.local`. You must also add the DNS name to the server certificate by including a subject alternative name (SAN) DNS field to the *BrokerListener* resource. For more information, see [Configure server certificate parameters](howto-configure-tls-auto.md#optional-configure-server-certificate-parameters).
+
 ### Authenticate with the broker
 
 By default, MQTT broker only accepts Kubernetes service accounts for authentication for connections from within the cluster. To connect from outside the cluster, you must configure a different authentication method like X.509. For more information, see [Configure authentication](howto-configure-authentication.md).