typos

dlepow · dlepow · commit 8969fde818dc · 2023-01-12T18:10:31.000-08:00
diff --git a/articles/api-management/api-management-howto-mutual-certificates-for-clients.md b/articles/api-management/api-management-howto-mutual-certificates-for-clients.md
@@ -15,9 +15,9 @@ ms.custom: engagement-fy23
 
 # How to secure APIs using client certificate authentication in API Management
 
-API Management provides the capability to secure access to APIs (i.e., client to API Management) using client certificates and mutual TLS authentication. You can validate certificates presented by the connecting client and check certificate properties against desired values using policy expressions.
+API Management provides the capability to secure access to APIs (that is, client to API Management) using client certificates and mutual TLS authentication. You can validate certificates presented by the connecting client and check certificate properties against desired values using policy expressions.
 
-For information about securing access to the backend service of an API using client certificates (i.e., API Management to backend), see [How to secure back-end services using client certificate authentication](./api-management-howto-mutual-certificates.md).
+For information about securing access to the backend service of an API using client certificates (that is, API Management to backend), see [How to secure back-end services using client certificate authentication](./api-management-howto-mutual-certificates.md).
 
 For a conceptual overview of API authorization, see [Authentication and authorization in API Management](authentication-authorization-overview.md#gateway-data-plane). 
 
@@ -39,18 +39,18 @@ Using key vault certificates is recommended because it helps improve API Managem
 * If you have not created an API Management service instance yet, see [Create an API Management service instance](get-started-create-service-instance.md).
 * You need access to the certificate and the password for management in an Azure key vault or upload to the API Management service. The certificate must be in **PFX** format. Self-signed certificates are allowed. 
 
-    If you use a self-signed certificate, also [install a CA root certificate](api-management-howto-ca-certificates.md) in your API Management instance.
+    If you use a self-signed certificate, also install trusted root and intermeidate [CA certificates](api-management-howto-ca-certificates.md) in your API Management instance.
     
     > [!NOTE]
-    > CA root certificates for certificate validation are not supported in the Consumption tier.
+    > CA certificates for certificate validation are not supported in the Consumption tier.
 
 [!INCLUDE [api-management-client-certificate-key-vault](../../includes/api-management-client-certificate-key-vault.md)]
 
 ## Enable API Management instance to receive and verify client certificates
 
 ### Developer, Basic, Standard, or Premium tier
 
-To receive and verify client certificates over HTTP/2 in the Developer, Basic, Standard, or Premium tie,s you must enable the **Negotiate client certificate** setting on the **Custom domain** blade as shown below.
+To receive and verify client certificates over HTTP/2 in the Developer, Basic, Standard, or Premium tiers, you must enable the **Negotiate client certificate** setting on the **Custom domain** blade as shown below.
 
 ![Negotiate client certificate](./media/api-management-howto-mutual-certificates-for-clients/negotiate-client-certificate.png)
 
diff --git a/articles/api-management/api-management-howto-mutual-certificates.md b/articles/api-management/api-management-howto-mutual-certificates.md
@@ -8,7 +8,7 @@ author: dlepow
 
 ms.service: api-management
 ms.topic: article
-ms.date: 01/04/2023
+ms.date: 01/12/2023
 ms.author: danlep 
 ms.custom: devx-track-azurepowershell, engagement-fy23
 ---
@@ -41,10 +41,10 @@ Using key vault certificates is recommended because it helps improve API Managem
 * You need access to the certificate and the password for management in an Azure key vault or upload to the API Management service. The certificate must be in **PFX** format. Self-signed certificates are allowed. 
 
     If you use a self-signed certificate:
-    * [Install a CA root certificate](api-management-howto-ca-certificates.md) in your API Management instance. 
+    * Install trusted root and intermediate [CA certificates](api-management-howto-ca-certificates.md) in your API Management instance. 
     
         > [!NOTE]
-        > CA root certificates for certificate validation are not supported in the Consumption tier.
+        > CA certificates for certificate validation are not supported in the Consumption tier.
     * [Disable certificate chain validation](#disable-certificate-chain-validation-for-self-signed-certificates)
 
 [!INCLUDE [api-management-client-certificate-key-vault](../../includes/api-management-client-certificate-key-vault.md)]
diff --git a/includes/api-management-client-certificate-key-vault.md b/includes/api-management-client-certificate-key-vault.md
@@ -12,7 +12,7 @@ ms.author: danlep
 
     To create or import a certificate to the key vault, see [Quickstart: Set and retrieve a certificate from Azure Key Vault using the Azure portal](../articles/key-vault/certificates/quick-create-portal.md).
 
-* Enable a system-assigned or user-assigned [managed identity](../articles/api-management/api-management-howto-use-managed-service-identity.md) in the API Management instance.
+1. Enable a system-assigned or user-assigned [managed identity](../articles/api-management/api-management-howto-use-managed-service-identity.md) in the API Management instance.
 
 [!INCLUDE [api-management-key-vault-access](./api-management-key-vault-access.md)]
 
