More, Jan 27

Author: mjang

content/nginx-one/how-to/certificates/manage-certificates.md

@@ -14,10 +14,17 @@ weight: 100
 
 This guide explains how you can manage SSL/TLS certificates with the F5 NGINX One Console. Valid certificates support encrypted connections between NGINX and your users. 
 
-You may have separate sets of SSL/TLS certificates for:
-- Deployments of NGINX, to support secure web services
-  - For more information on how you can use these certificates to secure your servers, see the section on [NGINX SSL termination]({{< relref "/nginx/admin-guide/security-controls/terminating-ssl-http.md" >}}).
-- [Subscription licenses]({{< relref "/solutions/about-subscription-licenses.md" >}})
+You may have separate sets of SSL/TLS certificates, as described in the following table: 
+
+| Functionality     | Typical file names                                                 | Notes                                                                                  |
+|-------------------|--------------------------------------------------------------------|----------------------------------------------------------------------------------------|
+| Website traffic   | /etc/nginx/ssl/example.com.crt <br> /etc/nginx/ssl/example.com.key | Typically purchased from a Certificate Authority (CA).                                 |
+| Repository access | /etc/ssl/nginx/nginx-repo.crt <br> /etc/ssl/nginx/nginx-repo.key   | Supports access to repositories to download and install NGINX packages.                |
+| NGINX Licensing   | /etc/ssl/nginx/server.crt <br> /etc/ssl/nginx/server.key   | Supports access to repositories. Based on licenses downloaded from https://my.f5.com/. Time limited. |
+
+Allowed directories depend on the [NGINX Agent]({{< relref "/nginx-one/getting-started/#install-nginx-agent" >}}). Look for the `/etc/nginx-agent/nginx-agent.conf` file.
+Find the `config_dirs` parameter in that file, as described in the NGINX Agent [Basic configuration]({{< relref "/nginx-agent/configuration/configuration-overview.md/#cli-flags-and-environment-variables" >}})
+You may need to add a directory like `/etc/ssl` to that parameter.
 
 From the NGINX One Console you can:
 
@@ -42,7 +49,7 @@ If you are managing the certificate from NGINX One Console, we recommend that yo
 Before you add and manage certificates with the NGINX One Console make sure:
 
 - You have access to the NGINX One Console
-- You have access through the F5 Distributed Cloud role, as described in the [Authentication]({{< relref "../../api/authentication.md" >}}) guide, to manage SSL/TLS certificates
+- You have access through the F5 Distributed Cloud role, as described in the [Authentication]({{< relref "/nginx-one/api/authentication.md" >}}) guide, to manage SSL/TLS certificates
   - You have the `f5xc-nginx-one-user` role for your account
 - Your SSL/TLS certificates and keys match
 
@@ -154,7 +161,7 @@ If that certificate is managed and is part of a Config Sync Group, that change a
 
 ## Managed and unmanaged certificates
 
-If you register an instance to NGINX One Console, as described in [Add your NGINX instances to NGINX One]({{< relref "../../getting-started.md#add-your-nginx-instances-to-nginx-one" >}}), and the associated SSL/TLS certificates:
+If you register an instance to NGINX One Console, as described in [Add your NGINX instances to NGINX One]({{< relref "/nginx-one/getting-started.md#add-your-nginx-instances-to-nginx-one" >}}), and the associated SSL/TLS certificates:
 
 - Are used in their NGINX configuration
 - Do _not_ match an existing managed SSL certificate/CA bundle