added additional detail regarding replacing existing certificates

Author: tonbut

modules/ROOT/pages/security/ssl-framework.adoc

@@ -1119,7 +1119,9 @@ It is considered best practice to use certificates with reasonably short duratio
 dbms.security.tls_reload=true (default is false)
 ----
 
-. Make necessary changes to any of the SSL configuration and/or replace certificates for desired scopes. New certificates will need to be copied to all cluster members as required.
+. Replace old certificates either by overwriting on the filesystem, or copying them to a new location and updating the required SSL configuration for each effected scope. Both certificates may exist on the filesystem but only one can be referenced in the configuration. New certificates will need to be copied to all cluster members as required.
+
+. Make necessary changes to any of the SSL configuration. and/or replace certificates for effected scopes. 
 
 . Connect to each cluster member in turn using Cypher Shell using a bolt scheme and run the reload procedure: