Update howto-configure-tls-manual.md - server chain

katriendg · web-flow · commit 55f4d8de57fc · 2024-02-12T13:44:18.000+01:00
Removed the root CA from the server chain, as it's typically not recommended. Root is distributed upfront. (Spec: https://www.rfc-editor.org/rfc/rfc5246#section-7.4.2)
diff --git a/articles/iot-operations/manage-mqtt-connectivity/howto-configure-tls-manual.md b/articles/iot-operations/manage-mqtt-connectivity/howto-configure-tls-manual.md
@@ -60,10 +60,10 @@ Both EC and RSA keys are supported, but all certificates in the chain must use t
 
 ## Import server certificate chain as a Kubernetes secret
 
-1. Create a full server certificate chain, where the the server certificate is the first one in the file, and the root CA is the last one.
+1. Create a full server certificate chain, where the order of the certificates matters: the server certificate is the first one in the file, the intermediate is the second.
 
     ```bash
-    cat  mqtts-endpoint.crt intermediate_ca.crt root_ca.crt  > server_chain.pem
+    cat  mqtts-endpoint.crt intermediate_ca.crt  > server_chain.pem
     ```
 
 1. Create a Kubernetes secret with the server certificate chain and server key using kubectl.
