From 753e71bac8bdf2abf15237e8c45be1e6b5e4b380 Mon Sep 17 00:00:00 2001
From: Chris Jones <christian.jones@sri.com>
Date: Sat, 29 Oct 2016 09:08:29 -0600
Subject: [PATCH] Note that all replicas of a component must share the same
 certificate.

---
 docs/02-certificate-authority.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/02-certificate-authority.md b/docs/02-certificate-authority.md
index c33e51a..b8facb2 100644
--- a/docs/02-certificate-authority.md
+++ b/docs/02-certificate-authority.md
@@ -118,7 +118,7 @@ openssl x509 -in ca.pem -text -noout
 
 ## Generate the single Kubernetes TLS Cert
 
-In this section we will generate a TLS certificate that will be valid for all Kubernetes components. This is being done for ease of use. In production you should strongly consider generating individual TLS certificates for each component.
+In this section we will generate a TLS certificate that will be valid for all Kubernetes components. This is being done for ease of use. In production you should strongly consider generating individual TLS certificates for each component. (But all replicas of a given component must share the same certificate.)
 
 ### Set the Kubernetes Public Address