From 0173744bd48ef57d165cdadcc06b33877171e676 Mon Sep 17 00:00:00 2001 From: Tao Li Date: Thu, 5 Oct 2017 17:52:26 -0700 Subject: [PATCH] Small tweaks for Security (#626) * Small tweaks for Security * Update url * address comment --- _docs/reference/release-notes.md | 2 +- _docs/tasks/security/mutual-tls.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/_docs/reference/release-notes.md b/_docs/reference/release-notes.md index f770d99683..26338cce48 100644 --- a/_docs/reference/release-notes.md +++ b/_docs/reference/release-notes.md @@ -85,7 +85,7 @@ identity provisioning. This agent runs on each node (VM / physical machine) and - **Bring Your Own CA Certificates**. Allows users to provide their own key and certificate for Istio CA. -- **Persistent CA Key/Certificate Storage**. Istio CA now supports storing signing key/certificates in +- **Persistent CA Key/Certificate Storage**. Istio CA now stores signing key/certificates in persistent storage to facilitate CA restarts. diff --git a/_docs/tasks/security/mutual-tls.md b/_docs/tasks/security/mutual-tls.md index b3e50413e3..569e1a7b06 100644 --- a/_docs/tasks/security/mutual-tls.md +++ b/_docs/tasks/security/mutual-tls.md @@ -59,14 +59,14 @@ Istio CA is up if the "AVAILABLE" column is 1. When running Istio with mutual TLS authentication turned on, you can use curl in one service's envoy to send request to other services. For example, after starting the [BookInfo]({{home}}/docs/guides/bookinfo.html) -sample application you can ssh into the envoy container of `productpage` service, +sample application you can ssh into the envoy container of `productpage` service, and send request to other services by curl. There are several steps: 1. get the productpage pod name ```bash - kubectl get pods -l app=productpage + kubectl get pods -l app=productpage ``` ```bash NAME READY STATUS RESTARTS AGE 
@@ -77,7 +77,7 @@ There are several steps: 1. ssh into the envoy container ```bash - kubectl exec -it productpage-v1-4184313719-5mxjc -c istio-proxy /bin/bash + kubectl exec -it productpage-v1-4184313719-5mxjc -c istio-proxy /bin/bash ``` 1. make sure the key/cert is in /etc/certs/ directory @@ -92,7 +92,7 @@ There are several steps: 1. send requests to another service, for example, details. ```bash - curl https://details:9080 -v --key /etc/certs/key.pem --cert /etc/certs/cert-chain.pem --cacert /etc/certs/root-cert.pem -k + curl https://details:9080/details/0 -v --key /etc/certs/key.pem --cert /etc/certs/cert-chain.pem --cacert /etc/certs/root-cert.pem -k ``` ```bash ...
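Review bot: In the `_docs/reference/release-notes.md` hunk, replacing "now supports storing" with "now stores" changes the claim from an available capability to default behavior. If persisting the signing key/certificate has to be enabled by the operator, keep "supports storing" or state how it is turned on, so readers do not assume a CA restart is always safe.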
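Review bot: In the first `_docs/tasks/security/mutual-tls.md` hunk (@@ -59,14), the touched line still reads "you can ssh into the envoy container", but the steps that follow use `kubectl exec`, not ssh. Since the line is being edited anyway, suggest "open a shell in the envoy container", and "send requests to other services" for the two "send request" phrases in the same paragraph. The same "ssh into the envoy container" wording appears in the step heading of the next hunk.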
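Review bot: In the @@ -77,7 hunk of `_docs/tasks/security/mutual-tls.md`, the `kubectl exec` line hardcodes the pod name `productpage-v1-4184313719-5mxjc`, which will not match the name a reader gets from `kubectl get pods -l app=productpage` in step 1. Suggest a placeholder for the pod name, or a sentence telling the reader to substitute the name returned in step 1.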
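Review bot: In the @@ -92,7 hunk of `_docs/tasks/security/mutual-tls.md`, the updated `curl https://details:9080/details/0` line still ends in `-k`, which makes curl skip server certificate verification, so `--cacert /etc/certs/root-cert.pem` has no effect and the step only exercises the client-certificate half of mutual TLS. Either drop `-k`, or, if the request fails without it, add a sentence to the step saying why it is needed here so readers do not copy it as a general pattern.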