updated clarity for root ca

japere · web-flow · commit 94d3ae188627 · 2020-03-02T11:57:32.000-08:00
diff --git a/articles/active-directory/manage-apps/application-proxy-configure-custom-domain.md b/articles/active-directory/manage-apps/application-proxy-configure-custom-domain.md
@@ -127,9 +127,9 @@ There's no restriction on the certificate signature methods. Elliptic Curve Cryp
 
 You can use wildcard certificates as long as the wildcard matches the external URL. You must use wildcard certificates for [wildcard applications](application-proxy-wildcard.md). If you want to use the certificate to also access subdomains, you must add the subdomain wildcards as subject alternative names in the same certificate. For example, a certificate for *\*.adventure-works.com* won't work for *\*.apps.adventure-works.com* unless you add *\*.apps.adventure-works.com* as a subject alternative name. 
 
-You can use certificates issued by your own public key infrastructure (PKI) if the certificate chain is installed on your client devices. Intune can deploy these certificates to managed devices. For non-managed devices, you must manually install these certificates.
+You can use certificates issued by your own public key infrastructure (PKI) if the certificate chain is installed on your client devices. Intune can deploy these certificates to managed devices. For non-managed devices, you must manually install these certificates. 
 
-It's not a good idea to use a private root CA. The private root CA would also need to be pushed to client machines, which introduces many challenges. 
+We do not recommend using a private root CA since the private root CA would also need to be pushed to client machines, which may introduce many challenges.
 
 ### Certificate management
 
