Commit

Apply suggestions from code review
cloudjumpercat authored Nov 26, 2024
1 parent e42adfc commit 616fc72
Showing 1 changed file with 20 additions and 1 deletion.
Expand Up @@ -23,6 +23,25 @@ Consider the following scenarios with this example cert chain:
* **Upload only cert3 to the control plane**: This is the typical PKI case. It means any cert signed by the root is trusted. However, since `cert1` is signed by an intermediary and `cert2` is signed by root, you need to include both `cert1` and `cert2` in your data plane request. The control plane would trust the whole chain because `cert2` is issued by `cert3` and `cert1` is issued by `cert2`.

## Generate certificates in {{site.konnect_short_name}}
{{site.konnect_short_name}} offers a helper utility to get started with securing control plane / data plane communications. Using the quick start flow, a certificate keypair is generated. Data planes can establish a connection with this certificate keypair (aka ‘pinned cert’). Alternatively, the Generate Certificates option in the UI generates a CA allowing data planes to connect using a certificate signed by that CA (aka PKI).
{{site.konnect_short_name}} provides several options to generate or add a certificate for your data plane nodes.

### Generate a certificate key pair

When you use the {{site.konnect_short_name}} wizard to create a data plane node, it generates a certificate key pair. Data planes can establish a connection with this certificate key pair (pinned cert).

1. 1. Navigate to [**Gateway Manager**](https://cloud.konghq.com/gateway-manager/) in {{site.konnect_short_name}}.
1. Click on the control plane you want to create a data plane node for.
1. Click **Data Plane Nodes** in the sidebar.
1. Click **Create a New Data Plane Node**.
1. Follow the instructions in the wizard to create a data plane node and generate the certificate key pair.

### Generate a CA-signed certificate

Using the {{site.konnect_short_name}} UI, you can generate a CA certificate, which allows data planes to connect using a certificate signed by that CA (PKI). Alternatively you can upload your own CA using the upload option.

1. Navigate to [**Gateway Manager**](https://cloud.konghq.com/gateway-manager/) in {{site.konnect_short_name}}.
1. Click on the control plane you want to create a data plane node for.
1. From the Action menu, select **Data Plane Certificates**.
1. Either upload or generate a certificate.

Certificates generated by {{site.konnect_short_name}} are valid for 10 years. If you bring your own certificates, make sure to review the expiration date and associated metadata. See [Renew Certificates for a Data Plane Node](/konnect/gateway-manager/data-plane-nodes/renew-certificates/) for more details.
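
Review bot: The first step under "### Generate a certificate key pair" has a doubled list marker ("1. 1. Navigate to ..."), which will render as a nested list or a stray "1." inside the step; drop one "1." so it matches the first step under "### Generate a CA-signed certificate". The new intro sentence promises "several options", but only two subsections follow, with upload folded into the CA one, so either say "two options" or give the upload path its own heading. In the CA section, "Alternatively you can upload your own CA" needs a comma after "Alternatively", and "Action menu" in step 3 is not bolded like the other UI labels. The replaced paragraph said these options exist to secure control plane / data plane communications, and the rewrite drops that; consider keeping one sentence near the CA steps that restates the point from the unchanged bullet above, that uploading a CA means any cert it signs is trusted, so readers choosing between the pinned cert and the CA understand the difference in trust scope.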
