Document to use flag security.selfSigned instead (#1757)

of no longer existing template file.

content/docs/tasks/security/plugin-ca-cert/index.md

@@ -14,15 +14,8 @@ operator-specified root certificate. This task demonstrates an example to plug c
 ## Before you begin
 
 * Set up Istio by following the instructions in the
-  [quick start](/docs/setup/kubernetes/quick-start/) with global mutual TLS enabled:
-
-    {{< text bash >}}
-    $ kubectl apply -f install/kubernetes/istio-demo-auth.yaml
-    {{< /text >}}
-
-    _**OR**_
-
-    Using [Helm](/docs/setup/kubernetes/helm-install/) with `global.mtls.enabled` to `true`.
+  [quick start](/docs/setup/kubernetes/quick-start/) with global mutual TLS enabled by using [Helm](/docs/setup/kubernetes/helm-install/)
+  with `global.mtls.enabled` set to `true`.
 
 > Starting with Istio 0.7, you can use [authentication policy](/docs/concepts/security/#authentication-policy) to configure mutual TLS for all/selected services in a namespace (repeated for all namespaces to get global setting). See [authentication policy task](/docs/tasks/security/authn-policy/)
 
@@ -52,14 +45,8 @@ The following steps enable plugging in the certificates and key into Citadel:
         --from-file=samples/certs/cert-chain.pem
     {{< /text >}}
 
-1.  Redeploy Citadel, which reads the certificates and key from the secret-mount files:
-
-    {{< text bash >}}
-    $ kubectl apply -f install/kubernetes/istio-citadel-plugin-certs.yaml
-    {{< /text >}}
-
-    > Note: if you are using different certificate/key file or secret names,
-    you need to change corresponding volume mounts and arguments in `istio-citadel-plugin-certs.yaml`.
+1.  Redeploy Citadel, which reads the certificates and key from the secret-mount files by using [Helm](/docs/setup/kubernetes/helm-install/)
+    with `global.mtls.enabled` set to `true` and `security.selfSigned` to `false`.
 
 1.  To make sure the workloads obtain the new certificates promptly,
     delete the secrets generated by Citadel (named as istio.\*).