tls: synced the description of the client/server mutual tls auth config setup

HofiOne · HofiOne · commit 9b1ca7d7fb98 · 2025-02-05T14:51:50.000+01:00
Signed-off-by: Hofi &lt;hofione@gmail.com&gt;
diff --git a/doc/_admin-guide/100_TLS-encrypted_message_transfer/002_Mutual_authentication_using_TLS/000_Configuring_mutual_TLS_client.md b/doc/_admin-guide/100_TLS-encrypted_message_transfer/002_Mutual_authentication_using_TLS/000_Configuring_mutual_TLS_client.md
@@ -17,16 +17,15 @@ syslog() driver):
 1. Create an X.509 certificate for the {{ site.product.short_name }} client.
 
 2. Copy the certificate (for example, client_cert.pem) and the
-    matching private key (for example, client.key) to the syslog-ng
+    matching private key (for example, client.key) to the {{ site.product.short_name }}
     client host, for example, into the
     /opt/syslog-ng/etc/syslog-ng/cert.d directory. The certificate must
-    be a valid X.509 certificate in PEM format. If you want to use a
-    password-protected key, see
-    Password-protected keys.
+    be a valid X.509 certificate in PEM format. The key must be in PEM format.
+    If you want to use a password-protected key, see Password-protected keys.
 
-3. Copy the CA certificate of the Certificate Authority (for example,
-    cacert.pem) that issued the certificate of the {{ site.product.short_name }} server (or
-    the self-signed certificate of the {{ site.product.short_name }} server) to the
+3. Copy the CA certificate (for example, cacert.pem) of the Certificate
+    Authority that issued the certificate of the {{ site.product.short_name }} server
+    (or the self-signed certificate of the {{ site.product.short_name }} server) to the
     {{ site.product.short_name }} client hosts, for example, into the
     /opt/syslog-ng/etc/syslog-ng/ca.d directory.
 
@@ -49,6 +48,9 @@ syslog() driver):
     Include the client\'s certificate and private key in the tls()
     options.
 
+    For the details of the available tls() options, see
+    TLS options.
+
     Example: A destination statement using mutual authentication
 
     The following destination encrypts the log messages using TLS and
diff --git a/doc/_admin-guide/100_TLS-encrypted_message_transfer/002_Mutual_authentication_using_TLS/001_Configuring_mutual_TLS_server.md b/doc/_admin-guide/100_TLS-encrypted_message_transfer/002_Mutual_authentication_using_TLS/001_Configuring_mutual_TLS_server.md
@@ -11,12 +11,16 @@ Complete the following steps on the {{ site.product.short_name }} server:
 
 ## Steps
 
-1. Copy the certificate (for example, syslog-ng.cert) of the syslog-ng
-    server to the {{ site.product.short_name }} server host, for example, into the
+1. Create an X.509 certificate for the {{ site.product.short_name }} server.
+
+2. Copy the certificate (for example, syslog-ng.cert) and the
+    matching private key (for example, syslog-ng.key) to the {{ site.product.short_name }}
+    server host, for example, into the
     /opt/syslog-ng/etc/syslog-ng/cert.d directory. The certificate must
-    be a valid X.509 certificate in PEM format.
+    be a valid X.509 certificate in PEM format. The key must be in PEM format.
+    If you want to use a password-protected key, see Password-protected keys.
 
-2. Copy the CA certificate (for example, cacert.pem) of the Certificate
+3. Copy the CA certificate (for example, cacert.pem) of the Certificate
     Authority that issued the certificate of the {{ site.product.short_name }} clients to
     the {{ site.product.short_name }} server, for example, into the
     /opt/syslog-ng/etc/syslog-ng/ca.d directory.
@@ -32,17 +36,11 @@ Complete the following steps on the {{ site.product.short_name }} server:
 
     `ln -s cacert.pem 6d2962a8.0`
 
-3. Copy the private key (for example, syslog-ng.key) matching the
-    certificate of the {{ site.product.short_name }} server to the {{ site.product.short_name }} server host,
-    for example, into the /opt/syslog-ng/etc/syslog-ng/key.d directory.
-    The key must be in PEM format. If you want to use a
-    password-protected key, see Password-protected keys.
-
 4. Add a source statement to the {{ site.product.short_name }} configuration file that uses
     the tls( key-file(key_file_fullpathname)
     cert-file(cert_file_fullpathname) ) option and specify the key and
     certificate files. The source must use the source driver (network()
-    or syslog()) matching the destination driver used by the syslog-ng
+    or syslog()) matching the destination driver used by the {{ site.product.short_name }}
     client. Also specify the directory storing the certificate of the CA
     that issued the client's certificate.
 
@@ -52,7 +50,7 @@ Complete the following steps on the {{ site.product.short_name }} server:
     Example: A source statement using TLS
 
     The following source receives log messages encrypted using TLS,
-    arriving to the 1999/TCP port of any interface of the syslog-ng
+    arriving to the 1999/TCP port of any interface of the {{ site.product.short_name }}
     server.
 
     ```config
