Text review

RebeccaTamachiro · RebeccaTamachiro · commit 24744bb6e722 · 2025-07-04T12:04:37.000+01:00
diff --git a/src/content/docs/ssl/client-certificates/byo-ca.mdx b/src/content/docs/ssl/client-certificates/byo-ca.mdx
@@ -12,9 +12,9 @@ description: Cloudflare mTLS now supports client certificates that have not been
 
 import { Render, APIRequest } from "~/components"
 
-This page explains how you can manage client certificates that have not been issued by Cloudflare CA. For a broader overview of mTLS at Cloudflare refer to [learning paths](/learning-paths/mtls/concepts/).
+This page explains how you can manage client certificates that have not been issued by Cloudflare CA. For a broader overview of mTLS at Cloudflare, refer to [learning paths](/learning-paths/mtls/concepts/).
 
-Bring your own CA (BYOCA) is especially useful if you already have mTLS implemented and client certificates are already installed on devices.
+Bring your own CA (BYOCA) is especially useful if you already have mTLS implemented and [client certificates are already installed](/ssl/client-certificates/#how-it-works) on devices.
 
 ## Availability
 
diff --git a/src/content/docs/ssl/client-certificates/enable-mtls.mdx b/src/content/docs/ssl/client-certificates/enable-mtls.mdx
@@ -12,11 +12,16 @@ You can enable mutual Transport Layer Security (mTLS) for any hostname.
 
 To enable mTLS for a host from the Cloudflare dashboard:
 
-1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account and application.
+1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account and domain.
 2. Go to **SSL** > **Client Certificates**.
-3. To enable mTLS for a host, select **Edit** in the **Hosts** section of the **Client Certificates** card.
-4. Enter the name of a host in your current application and press `Enter`.
-5. Select **Save**.
+3. On the **Hosts** section of the **Client Certificates** card, select **Edit**.
+4. Enter the name of a host in your current domain.
+:::note
+The domain (`example.com`) is automatically appended for you, so if you want to enable mTLS for `abc.example.com`, you only need to type `abc`.
+:::
+5. Select **Save** to confirm.
+
+## Next steps
 
 After enabling mTLS for your host, you can enforce mTLS with [API Shield](/api-shield/security/mtls/configure/). While API Shield is **not required** to use mTLS, many teams may use mTLS to protect their APIs.
 
diff --git a/src/content/docs/ssl/client-certificates/index.mdx b/src/content/docs/ssl/client-certificates/index.mdx
@@ -22,14 +22,14 @@ For a broader overview of mTLS at Cloudflare refer to [learning paths](/learning
 
 ## How it works
 
-Client certificates issued from a given CA are installed on client devices that should be granted access. Then, for any host that has [mTLS enabled](/ssl/client-certificates/enable-mtls/), Cloudflare requires a client certificate from the client trying to access the hostname.
+Client certificates issued from a given CA are installed on client devices that should be granted access. Then, for any host that has [mTLS enabled](/ssl/client-certificates/enable-mtls/), Cloudflare - acting as the server in this case - requires a certificate from the client trying to access the hostname.
 
-The client certificate is then validated against CAs set at account level. This means that these certificates can be used for validation across multiple zones/domains (`example.com`), as long as the zones are under the same Cloudflare account and mTLS has been enabled for the requested hosts (`host.example.com`).
+Cloudflare then validates the client certificate against CAs set at account level. This means that these certificates can be used for validation across multiple zones/domains (`example.com`), as long as the zones are under the same Cloudflare account and mTLS has been enabled for the requested hosts (`host.example.com`).
 
 The account-level CAs can be:
 
 - The Cloudflare-managed CA: This is the default option. Certificates and hostname associations are listed on your [dashboard](https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/client-certificates/).
-- A [BYOCA](/ssl/client-certificates/byo-ca/) certificate: This is an API-only option, available on Enterprise accounts. Certificates and hostnames associations are **not** listed on your [dashboard](https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/client-certificates/).
+- A [BYOCA](/ssl/client-certificates/byo-ca/) certificate: This is an API-only option, available on Enterprise accounts. Certificates and hostname associations are **not** listed on your [dashboard](https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/client-certificates/).
 
 ---
 
