Merge pull request #199955 from ecfan/certificates

Logic Apps: Clarify private certificate info

Author: denrea

articles/logic-apps/logic-apps-enterprise-integration-certificates.md

@@ -24,7 +24,7 @@ You can use the following certificate types in your workflows:
 
 * [Public certificates](https://en.wikipedia.org/wiki/Public_key_certificate), which you must purchase from a public internet [certificate authority (CA)](https://en.wikipedia.org/wiki/Certificate_authority). These certificates don't require any keys.
 
-* Private certificates or [*self-signed certificates*](https://en.wikipedia.org/wiki/Self-signed_certificate), which you create and issue yourself. However, these certificates require private keys.
+* Private certificates or [*self-signed certificates*](https://en.wikipedia.org/wiki/Self-signed_certificate), which you create and issue yourself. However, these certificates require [private keys in an Azure key vault](#prerequisites).
 
 If you're new to logic apps, review [What is Azure Logic Apps](logic-apps-overview.md)? For more information about B2B enterprise integration, review [B2B enterprise integration workflows with Azure Logic Apps and Enterprise Integration Pack](logic-apps-enterprise-integration-overview.md).
 
@@ -58,15 +58,15 @@ If you're new to logic apps, review [What is Azure Logic Apps](logic-apps-overvi
 
     [!INCLUDE [updated-for-az](../../includes/updated-for-az.md)]
 
-  * [Add a corresponding public certificate](#add-public-certificate) to your key vault. This certificate appears in your [agreement's **Send** and **Receive** settings for signing and encrypting messages](logic-apps-enterprise-integration-agreements.md). For example, review [Reference for AS2 messages settings in Azure Logic Apps](logic-apps-enterprise-integration-as2-message-settings.md).
+  * [Add the corresponding public certificate](#add-public-certificate) to your key vault. This certificate appears in your [agreement's **Send** and **Receive** settings for signing and encrypting messages](logic-apps-enterprise-integration-agreements.md). For example, review [Reference for AS2 messages settings in Azure Logic Apps](logic-apps-enterprise-integration-as2-message-settings.md).
 
 * At least two [trading partners](logic-apps-enterprise-integration-partners.md) and an [agreement between those partners](logic-apps-enterprise-integration-agreements.md) in your integration account. An agreement requires a host partner and a guest partner. Also, an agreement requires that both partners use the same or compatible *business identity* qualifier that's appropriate for an AS2, X12, EDIFACT, or RosettaNet agreement.
 
 * Optionally, the logic app resource and workflow where you want to use the certificate. The workflow requires any trigger that starts your logic app's workflow. If you haven't created a logic app workflow before, review [Quickstart: Create your first logic app](quickstart-create-first-logic-app-workflow.md).
 
 <a name="add-public-certificate"></a>
 
-## Add a public certificate
+## Use a public certificate
 
 To use a *public certificate* in your workflow, you have to first add the certificate to your integration account.
 
@@ -84,7 +84,7 @@ To use a *public certificate* in your workflow, you have to first add the certif
    |----------|----------|-------|-------------|
    | **Name** | Yes | <*certificate-name*> | Your certificate's name, which is `publicCert` in this example |
    | **Certificate Type** | Yes | **Public** | Your certificate's type |
-   | **Certificate** | Yes | <*certificate-file-name*> | To browse for the certificate file that you want to add, select the folder icon next to the **Certificate** box. |
+   | **Certificate** | Yes | <*certificate-file-name*> | To browse for the certificate file that you want to add, select the folder icon next to the **Certificate** box. Select the certificate that you want to use. |
    |||||
 
    ![Screenshot showing the Azure portal and integration account with "Add" selected and the "Add Certificate" pane with public certificate details.](media/logic-apps-enterprise-integration-certificates/public-certificate-details.png)
@@ -95,11 +95,11 @@ To use a *public certificate* in your workflow, you have to first add the certif
 
    ![Screenshot showing the Azure portal and integration account with the public certificate in the "Certificates" list.](media/logic-apps-enterprise-integration-certificates/new-public-certificate.png)
 
-<a name="add-public-certificate"></a>
+<a name="add-private-certificate"></a>
 
-## Add a private certificate
+## Use a private certificate
 
-To use a *private certificate* in your workflow, you have to first add the certificate to your integration account. Make sure that you've also met the [prerequisites private certificates](#prerequisites).
+To use a *private certificate* in your workflow, you have to first meet the [prerequisites for private keys](#prerequisites), and add a public certificate to your integration account.
 
 1. In the [Azure portal](https://portal.azure.com) search box, enter `integration accounts`, and select **Integration accounts**.
 
@@ -115,7 +115,7 @@ To use a *private certificate* in your workflow, you have to first add the certi
    |----------|----------|-------|-------------|
    | **Name** | Yes | <*certificate-name*> | Your certificate's name, which is `privateCert` in this example |
    | **Certificate Type** | Yes | **Private** | Your certificate's type |
-   | **Certificate** | Yes | <*certificate-file-name*> | To browse for the certificate file that you want to add, select the folder icon next to the **Certificate** box. In the key vault that contains your private key, the file you add there is the public certificate. |
+   | **Certificate** | Yes | <*certificate-file-name*> | To browse for the certificate file that you want to add, select the folder icon next to the **Certificate** box. Select the public certificate that corresponds to the private key that's stored in your key vault. |
    | **Resource Group** | Yes | <*integration-account-resource-group*> | Your integration account's resource group, which is `Integration-Account-RG` in this example |
    | **Key Vault** | Yes | <*key-vault-name*> | Your key vault name |
    | **Key name** | Yes | <*key-name*> | Your key name |