diff --git a/docs/certificate-authority.md b/docs/certificate-authority.md index f5e2f4a..2d484f8 100644 --- a/docs/certificate-authority.md +++ b/docs/certificate-authority.md @@ -8,7 +8,9 @@ This lab will setup a Certificate Authority and generated a single set of TLS ce * Kubernetes API Server * Kubernetes Kubelet -In production you should strongly consider generating individual TLS certificates for each component. +> In production you should strongly consider generating individual TLS certificates for each component. + +The TLS certificates in this lab will be copied to each machine running a Kubernetes components. ## Install CFSSL @@ -71,14 +73,15 @@ ca.csr ca.pem ``` +### Verification + ``` openssl x509 -in ca.pem -text -noout ``` -## Generate Server and Client Certs - -### Generate the kube-apiserver server cert +## Generate the single Kubernetes TLS Cert +In this section we will generate a TLS certificate that will be valid for all Kubernetes components. This is being done for ease of use. In production you should strongly consider generating individual TLS certificates for each component. ``` echo '{ @@ -121,6 +124,16 @@ cfssl gencert \ kubernetes-csr.json | cfssljson -bare kubernetes ``` +Results: + +``` +kubernetes-key.pem +kubernetes.csr +kubernetes.pem +``` + +### Verification + ``` openssl x509 -in kubernetes.pem -text -noout ``` \ No newline at end of file
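Review bot: The sentence added in the @@ -8,7 +8,9 @@ hunk, "The TLS certificates in this lab will be copied to each machine running a Kubernetes components.", does not say which files are copied, so a reader can take it to include every generated file, private keys among them. Suggest naming the files that go to each machine and stating that the CA's private key stays on the host where the CA was created. Also fix the grammar: "a Kubernetes components" should read "a Kubernetes component".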
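Review bot: In the @@ -71,14 +73,15 @@ hunk, the new paragraph under "## Generate the single Kubernetes TLS Cert" gives "ease of use" as the reason for one certificate valid for all components but never states the cost. If the key is copied along with the certificate, as the sentence added in the first hunk implies, every machine holds the same private key, and one compromised machine exposes the identity shared by all components. One sentence saying so would make the trade-off explicit. The paragraph's last sentence, "In production you should strongly consider generating individual TLS certificates for each component.", repeats the blockquote from the first hunk word for word; keep only one of the two.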
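Review bot: The "### Verification" step added at the end of the @@ -121,6 +124,16 @@ hunk only prints the certificate with `openssl x509 -in kubernetes.pem -text -noout`; it does not check that the certificate chains to the lab CA, and it does not tell the reader what to look for in the output. Suggest adding `openssl verify -CAfile ca.pem kubernetes.pem` after it, plus a line naming the fields to confirm, such as the issuer and the validity dates. The new "Results:" list shows kubernetes-key.pem without noting that it is the private key, and the file still ends without a trailing newline ("\ No newline at end of file").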