redis
diff --git a/‎content/operate/rs/security/encryption/tls/enable-tls.md‎
Lines changed: 8 additions & 40 deletions b/‎content/operate/rs/security/encryption/tls/enable-tls.md‎
Lines changed: 8 additions & 40 deletions
diff --git a/‎static/images/rs/screenshots/databases/active-active-databases/enable-tls-for-active-active-db.png‎
29 KB b/‎static/images/rs/screenshots/databases/active-active-databases/enable-tls-for-active-active-db.png‎
29 KB
diff --git a/‎static/images/rs/screenshots/databases/security-mtls-clients-7-8-2.png‎
93.4 KB b/‎static/images/rs/screenshots/databases/security-mtls-clients-7-8-2.png‎
93.4 KB
@@ -36,11 +36,11 @@ To enable mutual TLS for client connections:
 
 1. Select **Mutual TLS (Client authentication)**.
 
-    {{<image filename="images/rs/screenshots/databases/security-mtls-clients.png"  alt="Mutual TLS authentication configuration.">}}
+    {{<image filename="images/rs/screenshots/databases/security-mtls-clients-7-8-2.png"  alt="Mutual TLS authentication configuration.">}}
 
 1. For each client certificate, select **+ Add certificate**, paste or upload the client certificate, then select **Done**.
 
-    If your database uses Replica Of or Active-Active replication, you also need to add the syncer certificates for the participating clusters. See [Enable TLS for Replica Of cluster connections](#enable-tls-for-replica-of-cluster-connections) or [Enable TLS for Active-Active cluster connections](#enable-tls-for-active-active-cluster-connections) for instructions.
+    If your database uses Replica Of, you also need to add the syncer certificates for the participating clusters. See [Enable TLS for Replica Of cluster connections](#enable-tls-for-replica-of-cluster-connections) for instructions.
 
 1. You can configure **Additional certificate validations** to further limit connections to clients with valid certificates.
 
@@ -73,59 +73,27 @@ To enable mutual TLS for client connections:
 
 1. Select **Save**.
 
-    {{< note >}}
 By default, Redis Enterprise Software validates client certificate expiration dates.  You can use `rladmin` to turn off this behavior.
 
 ```sh
 rladmin tune db < db:id | name > mtls_allow_outdated_certs enabled
 ```
-    
-    {{< /note >}}
 
 ## Enable TLS for Active-Active cluster connections
 
-To enable TLS for Active-Active cluster connections:
-
-1. If you are using the new Cluster Manager UI, switch to the legacy admin console.
-
-    {{<image filename="images/rs/screenshots/switch-to-legacy-ui.png"  width="300px" alt="Select switch to legacy admin console from the dropdown.">}}
-
-1. [Retrieve syncer certificates.](#retrieve-syncer-certificates)
-
-1. [Configure TLS certificates for Active-Active.](#configure-tls-certificates-for-active-active)
-
-1. [Configure TLS on all participating clusters.](#configure-tls-on-all-participating-clusters)
-
-{{< note >}}
 You cannot enable or turn off TLS after the Active-Active database is created, but you can change the TLS configuration.
-{{< /note >}}
-
-### Retrieve syncer certificates
 
-For each participating cluster, copy the syncer certificate from the **general** settings tab.
-
-{{< image filename="/images/rs/general-settings-syncer-cert.png" alt="general-settings-syncer-cert" >}}
+To enable TLS for Active-Active cluster connections:
 
-### Configure TLS certificates for Active-Active
+1. During [database creation]({{<relref "/operate/rs/databases/active-active/create">}}), expand the **TLS** configuration section.
 
-1. During database creation (see [Create an Active-Active Geo-Replicated Database]({{< relref "/operate/rs/databases/active-active/create.md" >}}), select **Edit** from the **configuration** tab.
-1. Enable **TLS**.
-    - **Enforce client authentication** is selected by default. If you clear this option, you will still enforce encryption, but TLS client authentication will be deactivated.
-1. Select **Require TLS for CRDB communication only** from the dropdown menu.
-    {{< image filename="/images/rs/crdb-tls-all.png" alt="crdb-tls-all" >}}
-1. Select **Add** {{< image filename="/images/rs/icon_add.png#no-click" alt="Add" >}}
-1. Paste a syncer certificate into the text box.
-    {{< image filename="/images/rs/database-tls-replica-certs.png" alt="Database TLS Configuration" >}}
-1. Save the syncer certificate. {{< image filename="/images/rs/icon_save.png#no-click" alt="Save" >}}
-1. Repeat this process, adding the syncer certificate for each participating cluster.
-1. Optional: If also you want to require TLS for client connections, select **Require TLS for All Communications** from the dropdown and add client certificates as well.
-1. Select **Update** at the bottom of the screen to save your configuration.
+1. Select **On** to enable TLS.
 
-### Configure TLS on all participating clusters
+    {{<image filename="images/rs/screenshots/databases/active-active-databases/enable-tls-for-active-active-db.png" alt="TLS is enabled on the Cluster Manager UI screen.">}}
 
-Repeat this process on all participating clusters.
+1. Click **Create**.
 
-To enforce TLS authentication, Active-Active databases require syncer certificates for each cluster connection. If every participating cluster doesn't have a syncer certificate for every other participating cluster, synchronization will fail.
+If you also want to require TLS for client connections, you must edit the Active-Active database configuration after creation. See [Enable TLS for client connections](#client) for instructions.
 
 ## Enable TLS for Replica Of cluster connections