Addressing review comments

Signed-off-by: Pravin Pushkar <ppushkar@microsoft.com>

daprdocs/content/en/operations/security/mtls.md

@@ -450,6 +450,8 @@ By default, system services will look for the credentials in `/var/run/dapr/cred
 *Note: If you signed the cert root with a different private key, restart the Dapr instances.*
 
 ## Community call video on certificate rotation
-Watch this video on how to perform certificate rotation if your certicates are expiring.
+Watch this [video](https://www.youtube.com/watch?v=Hkcx9kBDrAc&feature=youtu.be&t=1400) on how to perform certificate rotation if your certicates are expiring.
 
-<iframe width="1280" height="720" src="https://www.youtube.com/watch?v=Hkcx9kBDrAc" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
+<div class="embed-responsive embed-responsive-16by9">
+<iframe width="560" height="315" src="https://www.youtube.com/embed/Hkcx9kBDrAc?start=1400"></iframe>
+</div>

daprdocs/content/en/reference/cli/dapr-mtls/_index.md

@@ -30,9 +30,9 @@ dapr mtls [command]
 ### Available Commands
 
 ```txt
-expiry              Checks the expiry of the root certificate
-export              Export the root CA, issuer cert and key from Kubernetes to local files
-renew-certificate   Rotates root CA, issuer cert and issuer key in Kubernetes secret used by Sentry service
+expiry              Checks the expiry of the root Certificate Authority (CA) certificate
+export              Export the root Certificate Authority (CA), issuer cert and issuer key to local files
+renew-certificate   Rotates the existing root Certificate Authority (CA), issuer cert and issuer key
 ```
 
 ### Command Reference
@@ -46,6 +46,6 @@ You can learn more about each sub command from the links below.
 ### Examples
 
 ```bash
-# Check if mTLS is enabled
+# Check if mTLS is enabled on the Kubernetes cluster
 dapr mtls -k
 ```

daprdocs/content/en/reference/cli/dapr-mtls/dapr-mtls-expiry.md

@@ -8,7 +8,7 @@ weight: 2000
 
 ### Description
 
-Checks the expiry of the root certificate
+Checks the expiry of the root Certificate Authority (CA) certificate
 
 ### Supported platforms
 

daprdocs/content/en/reference/cli/dapr-mtls/dapr-mtls-export.md

@@ -8,7 +8,7 @@ weight: 1000
 
 ### Description
 
-Export the root CA, issuer cert and key from Kubernetes to local files
+Export the root Certificate Authority (CA), issuer cert and issuer key to local files
 
 ### Supported platforms
 

daprdocs/content/en/reference/cli/dapr-mtls/dapr-mtls-renew-certificate.md

@@ -7,8 +7,7 @@ weight: 3000
 ---
 
 ### Description
-This command can be used to renew expiring Dapr certificates in Kubernetes cluster.
-It renews root CA certificate, issuer certificate and issuer key.
+This command can be used to renew expiring Dapr certificates. For example the Dapr Sentry service can generate default root and issuer certificates used by applications. For more information see [secure Dapr to Dapr communication]({{< ref "#secure-dapr-to-dapr-communication" >}})
 
 ### Supported platforms
 
@@ -29,45 +28,45 @@ dapr mtls renew-certificate [flags]
 | `--valid-until`  |                      | 365 days |  Validity for newly created certificates |
 | `--restart`  |                      | false |  Restarts Dapr control plane services (Sentry service, Operator service and Placement server) |
 | `--timeout`  |                      | 300 sec |  The timeout for the certificate renewal process |
-| `--ca-root-certificate`  |                      |  |  User provided root certificate pem file path|
-| `--issuer-public-certificate`  |                      |  |  User provided issuer certificate pem file path|
-| `--issuer-private-key`  |                      |  |  User provided issue private key file path|
+| `--ca-root-certificate`  |                      |  |  File path to user provided PEM root certificate|
+| `--issuer-public-certificate`  |                      |  |  File path to user provided PEM issuer certificate|
+| `--issuer-private-key`  |                      |  |  File path to user provided PEM issue private key|
 | `--private-key`  |                      |  |  User provided root.key file which is used to generate root certificate|
 
 ### Examples
 
-#### Renew certificates by generating fresh new certificates
-Generates new root and issuer certificates for Dapr kubernetes cluster with a default validity of 365 days.
+#### Renew certificates by generating brand new certificates
+Generates new root and issuer certificates for the Kubernetes cluster with a default validity of 365 days. The certificates are not applied to the Dapr control plane.
 ```bash
 dapr mtls renew-certificate -k
 ```
-Generates new root and issuer certificates for kubernetes cluster with a default validity of 365 days and restart the control plane services.
+Generates new root and issuer certificates for the Kubernetes cluster with a default validity of 365 days and restarts the Dapr control plane services.
 ```bash
 dapr mtls renew-certificate -k --restart
 ```
-Generates new root and issuer certificates for kubernetes cluster with a given validity.
+Generates new root and issuer certificates for the Kubernetes cluster with a given validity time.
 ```bash
 dapr mtls renew-certificate -k --valid-until <no of days>
 ```
-Generates new root and issuer certificates for kubernetes cluster with a given validity and restart the control place services.
+Generates new root and issuer certificates for the Kubernetes cluster with a given validity time and restarts the Dapr control place services.
 ```bash
 dapr mtls renew-certificate -k --valid-until <no of days> --restart
 ```
 #### Renew certificate by using user provided certificates
-Rotates certificate of your kubernetes cluster with provided ca.pem, issuer.pem and issuer.key file path and restart the control plane services
+Rotates certificates for the Kubernetes cluster with the provided ca.pem, issuer.pem and issuer.key file paths and restarts the Dapr control plane services
 ```bash
 dapr mtls renew-certificate -k --ca-root-certificate <ca.pem> --issuer-private-key <issuer.key> --issuer-public-certificate <issuer.pem> --restart
 ```
-Rotates certificate of your kubernetes cluster with provided ca.pem, issuer.pem and issuer.key file path.
+Rotates certificates for the Kubernetes cluster with the provided ca.pem, issuer.pem and issuer.key file paths.
 ```bash
 dapr mtls renew-certificate -k --ca-root-certificate <ca.pem> --issuer-private-key <issuer.key> --issuer-public-certificate <issuer.pem>
 ```
-#### Renew certificates by generating fresh certificates using provided root private key
-Uses existing private root.key to generate new root and issuer certificates for kubernetes cluster with a given validity for created certs.
+#### Renew certificates by generating brand new certificates using the provided root private key
+Uses existing private root.key to generate new root and issuer certificates for the Kubernetes cluster with a given validity time for created certs.
 ```bash
 dapr mtls renew-certificate -k --private-key myprivatekey.key --valid-until <no of days>
 ```
-Uses existing private root.key to generate new root and issuer certificates for kubernetes cluster with a default validity of 365 days for created certs.
+Uses the existing private root.key to generate new root and issuer certificates for the Kubernetes cluster.
 ```bash
 dapr mtls renew-certificate -k --private-key myprivatekey.key
 ```