Merge pull request #183533 from kgremban/dec22-devicecaperms

PRMerger-2 · web-flow · commit 7c17a6fe324a · 2021-12-22T14:46:02.000-08:00
Clarify which certificate the filemodes apply to
diff --git a/articles/iot-edge/how-to-manage-device-certificates.md b/articles/iot-edge/how-to-manage-device-certificates.md
@@ -161,7 +161,7 @@ If you are using IoT Edge for Linux on Windows, you need to use the SSH key loca
    * The certificate files should be owned by the **aziotcs** group.
 
    >[!TIP]
-   >If your certificate is read-only, meaning you created it and don't want the IoT Edge service to rotate it, set the private key file to mode 0440 and the certificate file to mode 0444. If you created the initial files and then configured the cert service to rotate the certificate in the future, set the private key file to mode 0660 and the certificate file to mode 0664.
+   >If your device CA certificate is read-only, meaning you created it and don't want the IoT Edge service to rotate it, set the private key file to mode 0440 and the certificate file to mode 0444. If you created the initial files and then configured the cert service to rotate the device CA certificate in the future, set the private key file to mode 0660 and the certificate file to mode 0664.
 
 1. If you've used any other certificates for IoT Edge on the device before, delete the files in the following directory. IoT Edge will recreate them with the new CA certificate you provided.
 
