diff --git a/_docs/tasks/security/plugin-ca-cert.md b/_docs/tasks/security/plugin-ca-cert.md index 4245611339..b328ebcf71 100644 --- a/_docs/tasks/security/plugin-ca-cert.md +++ b/_docs/tasks/security/plugin-ca-cert.md @@ -35,20 +35,14 @@ which should include the certificates of all the intermediate CAs between the wo In this example, it only contains the Istio CA certificate, so `cert-chain.pem` is the same as `ca-cert.pem`. Note that if your `ca-cert.pem` is the same as `root-cert.pem`, you can have an empty `cert-chain.pem` file. - Download the example files: - ```bash - rm /tmp/ca-cert.pem /tmp/ca-key.pem /tmp/root-cert.pem /tmp/cert-chain.pem - wget -P /tmp https://raw.githubusercontent.com/istio/istio/master/security/samples/plugin_ca_certs/ca-cert.pem - wget -P /tmp https://raw.githubusercontent.com/istio/istio/master/security/samples/plugin_ca_certs/ca-key.pem - wget -P /tmp https://raw.githubusercontent.com/istio/istio/master/security/samples/plugin_ca_certs/root-cert.pem - wget -P /tmp https://raw.githubusercontent.com/istio/istio/master/security/samples/plugin_ca_certs/cert-chain.pem - ``` +These files are ready to use in the install/kubernetes/ directory. The following steps enable plugging in the certificate and key into the Istio CA: 1. Create a secret `cacert` including all the input files `ca-cert.pem`, `ca-key.pem`, `root-cert.pem` and `cert-chain.pem`: ```bash - kubectl create secret generic cacerts -n istio-system --from-file=/tmp/ca-cert.pem --from-file=/tmp/ca-key.pem \ - --from-file=/tmp/root-cert.pem --from-file=/tmp/cert-chain.pem + kubectl create secret generic cacerts -n istio-system --from-file=install/kubernetes/ca-cert.pem \ + --from-file=install/kubernetes/ca-key.pem --from-file=install/kubernetes/root-cert.pem \ + --from-file=install/kubernetes/cert-chain.pem ``` 1. Redeploy the Istio CA, which reads the certificates and key from the secret-mount files:
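Review bot: The added sentence "These files are ready to use in the install/kubernetes/ directory." and the relative `--from-file=install/kubernetes/...` paths in step 1 never say which directory the command has to be run from, so a reader who runs `kubectl` from anywhere else gets a file-not-found error where the removed `/tmp/...` absolute paths worked from any location. Suggest stating the expected working directory in that sentence and putting `install/kubernetes/` in backticks like the other paths in the document. While this step is being touched, the unchanged lead-in still says "Create a secret `cacert`" but the command creates `cacerts`; the name in the prose should match the command, since the redeploy step reads from that secret. It would also help to say next to the new sentence that the bundled `ca-key.pem` is a sample key published with the project (the removed lines fetched it from a public URL) and is meant for trying out the task, not as a signing key for a real mesh.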