Revise istio auth, and fix typo in demo main page (#235)

* revise istio auth, and fix typo in demo main page

* revise comment

_docs/samples/bookinfo.md

@@ -168,7 +168,7 @@ This application is polyglot, i.e., the microservices are written in different l
    
 ## What's next
 
-Now that you have the BookInfo sample up and running, you can you can point your browser to `http://$GATEWAY_URL/productpage`
+Now that you have the BookInfo sample up and running, you can point your browser to `http://$GATEWAY_URL/productpage`
 to see the running application and use Istio to control traffic routing, inject faults, rate limit services, etc..
 
 To get started, check out the [request routing task]({{home}}/docs/tasks/request-routing.html).

_docs/tasks/istio-auth.md

@@ -174,7 +174,7 @@ kubectl exec <app-pod> -c proxy -- cat /etc/envoy/envoy-revX.json | grep ssl_con
 
 ## Playing with auth 
 
-When running Istio-enabled services, you can use curl in one service's
+When running Istio auth-enabled services, you can use curl in one service's
 envoy to send request to other services.
 For example, after starting the [BookInfo]({{home}}/docs/samples/bookinfo.html) 
 sample application you can ssh into the envoy container of `productpage` service, 
@@ -203,12 +203,14 @@ There are several steps:
    ls /etc/certs/ 
    ```
    ```bash
-   cert-chain.pem   key.pem 
+   cert-chain.pem   key.pem   root-cert.pem
    ``` 
    
+   Note that cert-chain.pem is envoy's cert that needs to present to the other side. key.pem is envoy's private key paired with cert-chain.pem. root-cert.pem is the root cert to verify the other side's cert. Currently we only have one CA, so all envoys have the same root-cert.pem.  
+   
 1. send requests to another service, for example, details.
    ```bash
-   curl https://details:9080 -v --key /etc/certs/key.pem --cert /etc/certs/cert-chain.pem -k
+   curl https://details:9080 -v --key /etc/certs/key.pem --cert /etc/certs/cert-chain.pem --cacert /etc/certs/root-cert.pem -k
    ```
    ```bash
    ...