diff --git a/content/en/boilerplates/crl-tip.md b/content/en/boilerplates/crl-tip.md index c57c890413..f81c6cccb4 100644 --- a/content/en/boilerplates/crl-tip.md +++ b/content/en/boilerplates/crl-tip.md @@ -1,6 +1,4 @@ --- --- -{{< tip >}} Optionally, the credential may include a [certificate revocation list (CRL)](https://datatracker.ietf.org/doc/html/rfc5280) -using the key `ca.crl`. If so, add another argument to the above example to provide the CRL: `--from-file=ca.crl=/some/path/to/your-crl.pem` -{{< /tip >}} +using the key `ca.crl`. If so, add another argument to the above example to provide the CRL: `--from-file=ca.crl=/some/path/to/your-crl.pem`. diff --git a/content/en/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/index.md b/content/en/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/index.md index b2d307defa..fd3deb16c2 100644 --- a/content/en/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/index.md +++ b/content/en/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/index.md @@ -410,7 +410,9 @@ to hold the configuration of the NGINX server: In this example. a single generic Secret with keys `tls.key`, `tls.crt`, and `ca.crt` is used. + {{< tip >}} {{< boilerplate crl-tip >}} + {{< /tip >}} 1. Create an egress `Gateway` for `my-nginx.mesh-external.svc.cluster.local`, port 443, and destination rules and virtual services to direct the traffic through the egress gateway and from the egress gateway to the external diff --git a/content/en/docs/tasks/traffic-management/egress/egress-tls-origination/index.md b/content/en/docs/tasks/traffic-management/egress/egress-tls-origination/index.md index 3a4e986f0f..1b7bf58135 100644 --- a/content/en/docs/tasks/traffic-management/egress/egress-tls-origination/index.md +++ b/content/en/docs/tasks/traffic-management/egress/egress-tls-origination/index.md 
@@ -235,7 +235,9 @@ Follow [these steps](/docs/tasks/traffic-management/egress/egress-gateway-tls-or The secret **must** be created in the same namespace as the client pod is deployed in, `default` in this case. + {{< tip >}} {{< boilerplate crl-tip >}} + {{< /tip >}} 1. Create required `RBAC` to make sure the secret created in the above step is accessible to the client pod, which is `sleep` in this case. diff --git a/content/en/docs/tasks/traffic-management/ingress/secure-ingress/index.md b/content/en/docs/tasks/traffic-management/ingress/secure-ingress/index.md index 9e16913cd5..90427a3535 100644 --- a/content/en/docs/tasks/traffic-management/ingress/secure-ingress/index.md +++ b/content/en/docs/tasks/traffic-management/ingress/secure-ingress/index.md @@ -522,8 +522,12 @@ You can extend your gateway's definition to support [mutual TLS](https://en.wiki --from-file=ca.crt=example_certs1/example.com.crt {{< /text >}} + {{< tip >}} {{< boilerplate crl-tip >}} + The credential may also include an [OCSP Staple](https://datatracker.ietf.org/doc/html/rfc6961) using the key `tls.ocsp-staple` which can be specified by an additional argument: `--from-file=tls.ocsp-staple=/some/path/to/your-ocsp-staple.pem`. + {{< /tip >}} + 1. Configure the ingress gateway: {{< tabset category-name="config-api" >}}
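Review bot: In content/en/boilerplates/crl-tip.md, removing the `{{< tip >}}` / `{{< /tip >}}` wrapper changes how the boilerplate renders on every page that includes it, and this patch re-wraps only three callers (egress-gateway-tls-origination, egress-tls-origination and secure-ingress). Please confirm that no other `{{< boilerplate crl-tip >}}` include remains, since any such page would now show the text as a bare paragraph. The file keeps the name crl-tip although it no longer contains a tip, so a rename or a short comment stating that the caller must supply the wrapper would help the next editor.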
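Review bot: In the egress-gateway-tls-origination hunk, the context line directly above the added tip reads "In this example. a single generic Secret with keys `tls.key`, `tls.crt`, and `ca.crt` is used." The period after "example" should be a comma. Since this change already touches the paragraph, it is worth fixing here so that the sentence leading into the tip reads correctly.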
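Review bot: In the secure-ingress hunk, the added sentence links "OCSP Staple" to RFC 6961, which specifies the TLS Multiple Certificate Status Request extension rather than ordinary OCSP stapling. RFC 6066 section 8 (Certificate Status Request), or RFC 6960 for OCSP itself, is the reference a reader would expect behind that link text. The sentence also does not say what encoding the `tls.ocsp-staple` value must have, while the example path ends in `.pem`. OCSP responses are normally produced in DER form, so please state the expected format next to the `--from-file=tls.ocsp-staple=...` argument. Because the staple note now shares one tip with the CRL boilerplate, consider also separating the two with a blank line or giving the OCSP sentence its own tip, so it does not read as a continuation of "add another argument to the above example to provide the CRL".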