Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ When end users visit a website, their browser will send the request to a Cloudfl

## Prerequisites

Install the [Cloudflare certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/) on your device.
Install a [Cloudflare certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/) on your device.

## 1. Generate a proxy endpoint

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -55,5 +55,5 @@ sudo apt remove cloudflare-warp

:::note

If you [manually deployed the Cloudflare certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment/), remember to manually delete the certificate from the device.
If you [manually deployed a Cloudflare certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment/), remember to manually delete the certificate from the device.
:::
Original file line number Diff line number Diff line change
Expand Up @@ -126,11 +126,11 @@ If the root CA is not installed on the device, you will see untrusted certificat

#### Solution

[Install the Cloudflare certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment/) on all of your devices, or [upload your own certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/custom-certificate/) to Cloudflare.
[Install a Cloudflare certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment/) on all of your devices, or [upload your own certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/custom-certificate/) to Cloudflare.

:::note

More and more applications (including browsers) are relying on their own certificate stores. In addition to ensuring the root certificate is trusted at the device level, you may also need to [add the certificate to individual applications](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment/#add-the-certificate-to-applications). For example, to use Firefox on Linux, you must install the certificate on both the system and on Firefox.
More and more applications (including browsers) are relying on their own certificate stores. In addition to ensuring a root certificate is trusted at the device level, you may also need to [add the certificate to individual applications](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment/#add-the-certificate-to-applications). For example, to use Firefox on Linux, you must install the certificate on both the system and on Firefox.

:::

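Review bot: In the `:::note` paragraph, "ensuring a root certificate is trusted at the device level" no longer says which certificate matters, and trusting an arbitrary root will not clear the untrusted certificate warnings this section is about. Suggest wording such as "ensuring the root certificate in use for your organization is trusted at the device level", with the same qualifier on "Install a Cloudflare certificate" in the Solution line, since the new article implies there can be more than one.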
Expand All @@ -156,7 +156,7 @@ Some applications do not support SSL inspection or are otherwise [incompatible w

Applications such as Firefox, Docker, Python, and npm rely on their own certificate store and the Cloudflare root certificate must be trusted in each.

Refer to [our instructions](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment/#add-the-certificate-to-applications) for adding the root certificate to common applications. For applications not on our list, try searching the Internet for `<app-name> proxy support` or `<app-name> proxy certificate`.
Refer to [our instructions](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment/#add-the-certificate-to-applications) for adding a root certificate to common applications. For applications not on our list, try searching the Internet for `<app-name> proxy support` or `<app-name> proxy certificate`.

#### Solution (last resort)

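Review bot: The unchanged context sentence just above the edited line still reads "the Cloudflare root certificate must be trusted in each", so this paragraph now switches between "the Cloudflare root certificate" and "a root certificate" within two sentences. Either extend the change to that sentence as well or keep the definite article in the edited line, so readers do not conclude that two different certificates are meant.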
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@ sidebar:
order: 1
head: []
description: Automatically deploy a root certificate on desktop devices.
banner:
content: The default global Cloudflare root certificate will expire on 2025-02-02. If you installed the default Cloudflare certificate before 2024-17-10, you must <a href="#generate-a-cloudflare-root-certificate">generate a new certificate</a> and activate it for your Zero Trust organization to avoid inspection errors.
---

import { Details } from "~/components";
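Review bot: The banner date "2024-17-10" is not a valid date in the YYYY-MM-DD form used for "2025-02-02" in the same sentence (there is no month 17); day and month look swapped, so this presumably should be 2024-10-17. Please confirm the intended cutoff before merge, since readers will use it to decide whether they need to generate a new certificate. Also check that `#generate-a-cloudflare-root-certificate` resolves on this page: it is a same-page fragment and no heading with that slug appears in the visible hunks of this file.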
Expand All @@ -27,11 +29,11 @@ import { Details } from "~/components";
<sup>*</sup> Only supported on Debian-based systems.
</Details>

The WARP client can automatically install the Cloudflare certificate (or a [custom root certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/custom-certificate/)) on Windows, macOS, and Debian/Ubuntu Linux devices. On mobile devices and Red Hat-based systems, you will need to [install the certificate manually](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment/).
The WARP client can automatically install a Cloudflare certificate or [custom root certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/custom-certificate/) on Windows, macOS, and Debian/Ubuntu Linux devices. On mobile devices and Red Hat-based systems, you will need to [install the certificate manually](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment/).

The certificate is required if you want to [apply HTTP policies to encrypted websites](/cloudflare-one/policies/gateway/http-policies/tls-decryption/), display custom block pages, and more.

## Install the certificate using WARP
## Install a certificate using WARP

1. (Optional) [Upload](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/custom-certificate/) a custom root certificate to Cloudflare.
2. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **WARP Client**.
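Review bot: Renaming the heading to "Install a certificate using WARP" will presumably change its generated anchor (the banner in this PR links to sections by heading slug), so existing links to the old heading's fragment would stop landing on this section. Please search the docs for links to the old fragment and update them in this PR, or keep the heading text and change only the body sentence. Minor: the following context sentence still begins "The certificate is required", which reads oddly now that the sentence before it offers two kinds of certificate.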
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ sidebar:
head: []
description: Configure WARP to use a custom root certificate instead of the
Cloudflare certificate.
banner:
content: The default global Cloudflare root certificate will expire on 2025-02-02. If you installed the default Cloudflare certificate before 2024-17-10, you must <a href="#generate-a-cloudflare-root-certificate">generate a new certificate</a> and activate it for your Zero Trust organization to avoid inspection errors.
---

import { Render, Tabs, TabItem } from "~/components";
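Review bot: The banner's `href="#generate-a-cloudflare-root-certificate"` is a same-page fragment, but the only "Generate" heading visible in this file is "## Generate a custom root CA", so the link most likely goes nowhere from this page; point it at the full path of the page that contains that section. The banner text is also a verbatim copy of the one added to the other file in this PR, including the invalid date "2024-17-10"; since this file already imports `Render`, consider moving the banner text into one shared place so it only has to be corrected once.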
Expand All @@ -14,10 +16,10 @@ import { Render, Tabs, TabItem } from "~/components";
Only available on Enterprise plans.
:::

Enterprise customers who do not wish to install the [Cloudflare certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment/) have the option to upload their own root certificate to Cloudflare. This feature is sometimes referred to as Bring Your Own Public Key Infrastructure (BYOPKI). Gateway will use your uploaded certificate to encrypt all sessions between the end user and Gateway, enabling all HTTPS inspection features that previously required the Cloudflare certificate. You can upload multiple certificates to your account, but only one can be active at any given time. You also need to upload a private key to intercept domains with JIT certificates and to enable the [block page](/cloudflare-one/policies/gateway/block-page/).
Enterprise customers who do not wish to install a [Cloudflare certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment/) have the option to upload their own root certificate to Cloudflare. This feature is sometimes referred to as Bring Your Own Public Key Infrastructure (BYOPKI). Gateway will use your uploaded certificate to encrypt all sessions between the end user and Gateway, enabling all HTTPS inspection features that previously required a Cloudflare certificate. You can upload multiple certificates to your account, but only one can be active at any given time. You also need to upload a private key to intercept domains with JIT certificates and to enable the [block page](/cloudflare-one/policies/gateway/block-page/).

:::caution
Custom certificates are limited to use between your users and the Gateway proxy. Connections between Gateway and the origin server will use the Cloudflare certificate.
Custom certificates are limited to use between your users and the Gateway proxy. Connections between Gateway and the origin server will use a Cloudflare certificate.
:::

## Generate a custom root CA
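Review bot: In the `:::caution` block, "Connections between Gateway and the origin server will use a Cloudflare certificate" no longer tells the reader which certificate that is. If the intent is that this leg is not affected by the custom certificate the customer uploads, say so directly, for example "will not use your custom certificate", rather than relying on the article change.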
Expand Down