DOCSP-51853: Update client certificate info (#131)

norareidy · norareidy · commit 5cf07ca6800d · 2025-07-16T18:03:01.000-04:00
* DOCSP-51853: Update client certificate info * edit (cherry picked from commit bd46b62)
diff --git a/source/connect/tls.txt b/source/connect/tls.txt
@@ -80,18 +80,18 @@ in the following ways:
    :manual:`SRV Connection Format </reference/connection-string/#srv-connection-format>`
    in the {+mdb-server+} documentation.
 
-.. _c-specify-ca-file:
+.. _c-specify-client-cert:
 
-Specify a CA File
-------------------
+Specify a Client Certificate
+----------------------------
 
 When you connect to a MongoDB deployment with TLS enabled, the deployment will by default require the client to provide
 a client certificate issued by a certificate authority, or an authority
 trusted by the native certificate store in use on the server.
 
 You can provide the client certificate in the following ways:
 
-- Setting the ``tlscertificatekeyfile`` parameter in your connection string to a ``.pem`` file containing the root certificate chain
+- Setting the ``tlsCertificateKeyFile`` parameter in your connection string to a ``.pem`` file containing the root certificate chain
 - Using the ``mongoc_uri_set_option_as_utf8()`` function to set the ``MONGOC_URI_TLSCERTIFICATEKEYFILE`` option
   to a ``.pem`` file containing the root certificate chain
 
@@ -115,12 +115,6 @@ You can provide the client certificate in the following ways:
          :end-before: end-connect-ca-file-uri
          :dedent:
 
-.. note::
-
-   If you don't specify a CA file when compiling against the Windows Native TLS library, the driver
-   will use the Windows Certificate Store. To learn more, see the :ref:`c-native-tls`
-   section of this guide.
-
 .. _c-certificate-revocation:
 
 Server Certificate Verification
@@ -220,7 +214,7 @@ and will issue an error if used.
 Encrypted PEM files, set by using the ``tlsCertificateKeyPassword`` URI option, are also not supported and will result in error when
 attempting to load them.
 
-When ``tlsCAFile`` is set, the driver will only allow server certificates issued by one or more authorities provided.
+When ``tlsCAFile`` is set, the driver will import the file to the ``System Local Machine Root`` certificate store.
 When no ``tlsCAFile`` is set, the driver will look up the Certificate Authority using the ``System Local Machine Root``
 certificate store to confirm the provided certificate.
 
