From b4ed6f2823850d6c44201e2917c69dd7bc465648 Mon Sep 17 00:00:00 2001 From: Axel Siebenborn Date: Tue, 17 Jul 2018 17:45:57 +0200 Subject: [PATCH] Document to use flag security.selfSigned instead (#1757) of no longer existing template file. --- .../tasks/security/plugin-ca-cert/index.md | 21 ++++--------------- 1 file changed, 4 insertions(+), 17 deletions(-) diff --git a/content/docs/tasks/security/plugin-ca-cert/index.md b/content/docs/tasks/security/plugin-ca-cert/index.md index c1ed3de3f9..fdf990e996 100644 --- a/content/docs/tasks/security/plugin-ca-cert/index.md +++ b/content/docs/tasks/security/plugin-ca-cert/index.md @@ -14,15 +14,8 @@ operator-specified root certificate. This task demonstrates an example to plug c ## Before you begin * Set up Istio by following the instructions in the - [quick start](/docs/setup/kubernetes/quick-start/) with global mutual TLS enabled: - - {{< text bash >}} - $ kubectl apply -f install/kubernetes/istio-demo-auth.yaml - {{< /text >}} - - _**OR**_ - - Using [Helm](/docs/setup/kubernetes/helm-install/) with `global.mtls.enabled` to `true`. + [quick start](/docs/setup/kubernetes/quick-start/) with global mutual TLS enabled by using [Helm](/docs/setup/kubernetes/helm-install/) + with `global.mtls.enabled` set to `true`. > Starting with Istio 0.7, you can use [authentication policy](/docs/concepts/security/#authentication-policy) to configure mutual TLS for all/selected services in a namespace (repeated for all namespaces to get global setting). See [authentication policy task](/docs/tasks/security/authn-policy/) 
@@ -52,14 +45,8 @@ The following steps enable plugging in the certificates and key into Citadel: --from-file=samples/certs/cert-chain.pem {{< /text >}} -1. Redeploy Citadel, which reads the certificates and key from the secret-mount files: - - {{< text bash >}} - $ kubectl apply -f install/kubernetes/istio-citadel-plugin-certs.yaml - {{< /text >}} - - > Note: if you are using different certificate/key file or secret names, - you need to change corresponding volume mounts and arguments in `istio-citadel-plugin-certs.yaml`. +1. Redeploy Citadel, which reads the certificates and key from the secret-mount files by using [Helm](/docs/setup/kubernetes/helm-install/) + with `global.mtls.enabled` set to `true` and `security.selfSigned` to `false`. 1. To make sure the workloads obtain the new certificates promptly, delete the secrets generated by Citadel (named as istio.\*).
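Review bot: In the first hunk ("Before you begin"), the rewritten bullet still tells the reader to follow the quick start instructions, but the only path left after this change is the Helm install, so the sentence now points at two different guides at once. Consider linking the Helm install page as the primary instruction and dropping the quick start reference, or stating which parts of the quick start still apply. The removed lines also gave a copy-pasteable command in a `{{< text bash >}}` block, while the replacement only names the value `global.mtls.enabled`; adding the equivalent Helm invocation in the same block style would keep the prerequisite as actionable as it was before.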
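Review bot: In the second hunk (the "Redeploy Citadel" step), the note for users with different certificate/key file or secret names is deleted without a replacement, so readers who do not use the sample names no longer learn what has to change on the Citadel side now that `istio-citadel-plugin-certs.yaml` is gone. Please document the Helm-based equivalent or state that the names used in the preceding step are required. The new sentence also reads as if Citadel reads the files "by using Helm"; something like "Redeploy Citadel using Helm with ... so that it reads the certificates and key from the secret-mount files" would be clearer. Lastly, "`security.selfSigned` to `false`" is missing "set", unlike "`global.mtls.enabled` set to `true`" just before it, and the step lost its command block, so a concrete Helm command would help here as well.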