Apply suggestions from code review

Co-authored-by: Maddy <[email protected]>

Author: dcpena

src/content/docs/learning-paths/mtls/concepts/benefits.mdx

@@ -12,4 +12,3 @@ sidebar:
 - **Preserved data integrity**: mTLS ensures that data remains unaltered during transit. The protocol verifies the integrity of transmitted information, protecting it from tampering or manipulation by malicious actors, ensuring the data's authenticity.
 
 - **Defense against insider threats**: mTLS strengthens internal network security by adding protection against insider threats. Unlike traditional "castle-and-moat" networking, which trusts anything inside the perimeter, mTLS enforces mutual authentication, ensuring all internal communications are verified and secure.
-

src/content/docs/learning-paths/mtls/mtls-app-security/index.mdx

@@ -72,7 +72,7 @@ Example WAF Custom Rule with action block:
 ## Demo
 
 :::note
-Ensure you're not using a VPN that could interfere with certificates or TLS decryption. If needed, enable [Split Tunnels](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/) for specific hostnames to bypass the VPN for trusted services, such as the mTLS hostnames.
+Ensure you are not using a VPN that could interfere with certificates or TLS decryption. If needed, enable [Split Tunnels](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/) for specific hostnames to bypass the VPN for trusted services, such as the mTLS hostnames.
 :::
 
 With the Public and Private Certificates in the same directory, with this cURL command, we will gain access:
@@ -84,7 +84,7 @@ HTTP/2 200
 server: cloudflare
 ```
 
-Without the certificates, we would see the following:
+Without the certificates, the terminal will display the following:
 
 ```curl
 $ curl -I https://mtls-test.example.com/mtls-test

src/content/docs/learning-paths/mtls/mtls-app-security/related-features.mdx

@@ -37,7 +37,7 @@ There are multiple ways to [forward a client certificate](/ssl/client-certificat
 
 ## Bring your own CA for mTLS
 
-If you already have mTLS implemented, client certificates are already installed on devices, and therefore you'd like to use your own Certificate Authority (CA), this is possible by [bringing your own CA for mTLS](/ssl/client-certificates/byo-ca/).
+If you already have mTLS implemented, client certificates are already installed on devices, and therefore you would like to use your own Certificate Authority (CA), this is possible by [bringing your own CA for mTLS](/ssl/client-certificates/byo-ca/).
 
 Here you can use the [Replace Hostname Associations API endpoint](/api/operations/client-certificate-for-a-zone-put-hostname-associations) to enable mTLS in each hostname that should use the CA for mTLS validation, essentially associating your CAs specific with hostnames.
 
@@ -83,9 +83,9 @@ Review the [troubleshooting documentation](/ssl/client-certificates/troubleshoot
 Resumption and renegotiation are essentially opposites. Resumption re-establishes a previous TLS session over a new TCP connection, keeping the same TLS parameters. In contrast, renegotiation updates certain TLS parameters within an existing session, continuing over the same TCP connection.
 :::
 
-If you need to use Client Certificates after the TLS handshake via renegotiation, you'll need to use a prior TLS version than 1.3. This is because TLS 1.3 doesn't support renegotiation.
+If you need to use Client Certificates after the TLS handshake via renegotiation, you will need to use a prior TLS version than 1.3. This is because TLS 1.3 does not support renegotiation.
 
-For example, if you're using mTLS and you're restricting requests to certain folders, based on a URL path in the request, rather than all content on your origin server, a TLS renegotiation may be triggered. Connections using TLS 1.3 don't support renegotiation.
+For example, if you are using mTLS and you are restricting requests to certain folders, based on a URL path in the request, rather than all content on your origin server, a TLS renegotiation may be triggered. Connections using TLS 1.3 do not support renegotiation.
 
 ## Chain of Trust
 
@@ -119,7 +119,7 @@ Another example WAF Custom Rule with action block, using the [cf.tls_client_auth
 (http.request.uri.path in {"/headers"} and http.host in {"mtls.example.com" "mtls2.example.com"} and not cf.tls_client_auth.cert_verified and cf.tls_client_auth.cert_fingerprint_sha256 ne "ADD_STRING_OF_CLIENT_CERT_SHA256_FINGERPRINT")
 ```
 
-Here's another example of a WAF custome rule to associate a serial number with a hostname: 
+Here is another example of a WAF custom rule to associate a serial number with a hostname: 
 
 ![Example expression of a WAF Custom Rule to associate a serial number with a hostname](~/assets/images/learning-paths/mtls/waf-custom-rule.png)
 

src/content/docs/learning-paths/mtls/mtls-cloudflare-access/index.mdx

@@ -19,7 +19,7 @@ Setting up [mTLS](/cloudflare-one/identity/devices/access-integrations/mutual-tl
 
 The CA certificate can be from a publicly trusted CA or self-signed.
 
-In case that you want to [create your own CA](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/#test-mtls-using-cloudflare-pki) from scratch, you can follow these example steps and adapt the information to your own needs:
+In case you want to [create your own CA](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/#test-mtls-using-cloudflare-pki) from scratch, you can follow these example steps and adapt the information to your own needs:
 
 1. Create a JSON file called `ca-csr.json`:
 
@@ -42,7 +42,7 @@ In case that you want to [create your own CA](/cloudflare-one/identity/devices/a
     }
 ```
 
-2. Create a JSON filed called `ca-config.json`:
+2. Create a JSON file called `ca-config.json`:
 
 ```json
 {
@@ -70,7 +70,7 @@ In case that you want to [create your own CA](/cloudflare-one/identity/devices/a
 cfssl gencert -initca ca-csr.json | cfssljson -bare ca
 ```
 
-## Create client Certificates
+## 2. Create Client Certificates
 
 1. In order to create the Client Certificates, you need to prepare the following JSON file called `client-csr.json`:
 
@@ -104,7 +104,7 @@ cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=clie
 
 Follow the steps outlined in the [developer documentation](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/#add-mtls-authentication-to-your-access-configuration).
 
-Using the example from Step 2: upload the `ca.pem` to your Cloudflare Access account via the [Dashboard](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/#add-mtls-authentication-to-your-access-configuration) or [Cloudflare API](/api/operations/access-mtls-authentication-add-an-mtls-certificate).
+Using the example from Step 2: upload the `ca.pem` to your Cloudflare Access account via the [dashboard](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/#add-mtls-authentication-to-your-access-configuration) or [Cloudflare API](/api/operations/access-mtls-authentication-add-an-mtls-certificate).
 
 Do not forget to enter the fully-qualified domain names (FQDN / associated hostnames) that will use this CA certificate.
 

src/content/docs/learning-paths/mtls/mtls-workers/index.mdx

@@ -6,7 +6,7 @@ sidebar:
 ---
 
 :::note
-Cloudflare Workers runs after the Cloudflare WAF and Cloudflare Access. Review the [Traffic Sequence](https://blog.cloudflare.com/traffic-sequence-which-product-runs-first/) visible on the Cloudflare Dashboard.
+Cloudflare Workers runs after the Cloudflare WAF and Cloudflare Access. Review the [Traffic Sequence](https://blog.cloudflare.com/traffic-sequence-which-product-runs-first/) visible on the Cloudflare dashboard.
 :::
 
 [mTLS for Workers](/workers/runtime-apis/bindings/mtls/) can be used for requests made to services that are [not proxied](/dns/manage-dns-records/reference/proxied-dns-records/#dns-only-records) on Cloudflare, or alternatively used to gain visibility into certificate details and optionally add your own programmatic logic for further checks or actions.