fixed formatting issues

Author: mscatyao

articles/application-gateway/application-gateway-configure-listener-specific-ssl-policy.md

@@ -1,6 +1,6 @@
 ---
-title: Configure listener-specific SSL policies on Azure Application Gateway through Portal
-description: Learn how to configure listener-specific SSL policies on Application Gateway through Portal 
+title: Configure listener-specific SSL policies on Azure Application Gateway through portal
+description: Learn how to configure listener-specific SSL policies on Application Gateway through portal 
 services: application-gateway
 author: mscatyao
 ms.service: application-gateway
@@ -9,7 +9,7 @@ ms.date: 03/30/2021
 ms.author: caya
 ---
 
-# Configure listener-specific SSL policies on Application Gateway through Portal (Preview)
+# Configure listener-specific SSL policies on Application Gateway through portal (Preview)
 
 This article describes how to use the Azure portal to configure listener-specific SSL policies on your Application Gateway. Listener-specific SSL policies allow you to configure specific listeners to use different SSL policies from each other. You'll still be able to set a default SSL policy that all listeners will use unless overwritten by the listener-specific SSL policy. 
 
@@ -24,7 +24,7 @@ If you don't have an Azure subscription, create a [free account](https://azure.m
 
 First create a new Application Gateway as you would usually through the portal - there are no additional steps needed in the creation to configure listener-specific SSL policies. For more information on how to create an Application Gateway in portal, check out our [portal quickstart tutorial](./quick-create-portal.md).
 
-## Set up a listener-specific SSL policy on an existing Application Gateway
+## Set up a listener-specific SSL policy
 
 To set up a listener-specific SSL policy, you'll need to first go to the **SSL settings (Preview)** tab in the Portal and create a new SSL profile. When you create an SSL profile, you'll see two tabs: **Client Authentication** and **SSL Policy**. The **SSL Policy** tab is to configure a listener-specific SSL policy. The **Client Authentication** tab is where to upload a client certificate(s) for mutual authentication - for more information, check out [Configuring a mutual authentication](./mutual-authentication-portal.md).
 
@@ -45,11 +45,11 @@ To set up a listener-specific SSL policy, you'll need to first go to the **SSL s
 
 7. Select **Add** to save.
 
-> [!NOTE]
-> You don't have to configure client authentication on an SSL profile to associate it to a listener. You can have only client authentication configure, or only listener specific SSL policy configured, or both configured in your SSL profile.  
-
-![Add listener specific SSL policy to SSL profile](./media/application-gateway-configure-listener-specific-ssl-policy/listener-specific-ssl-policy-ssl-profile.png)
+    > [!NOTE]
+    > You don't have to configure client authentication on an SSL profile to associate it to a listener. You can have only client authentication configure, or only listener specific SSL policy configured, or both configured in your SSL profile.  
 
+    ![Add listener specific SSL policy to SSL profile](./media/application-gateway-configure-listener-specific-ssl-policy/listener-specific-ssl-policy-ssl-profile.png)
+    
 ## Associate the SSL profile with a listener
 
 Now that we've created an SSL profile with a listener-specific SSL policy, we need to associate the SSL profile to the listener to put the listener-specific policy in action. 
@@ -70,7 +70,7 @@ Now that we've created an SSL profile with a listener-specific SSL policy, we ne
 
 8. Click **Add** to save your new listener with the SSL profile associated to it. 
 
-![Associate SSL profile to new listener](./media/mutual-authentication-portal/mutual-authentication-listener-portal.png)
+    ![Associate SSL profile to new listener](./media/mutual-authentication-portal/mutual-authentication-listener-portal.png)        
 
 ## Next steps
 

articles/application-gateway/media/mutual-authentication-certificate-management/certdetails.png renamed to articles/application-gateway/media/mutual-authentication-certificate-management/cert-details.png

@@ -27,73 +27,85 @@ The following steps help you export the .pem or .cer file for your certificate:
 
 1. To obtain a .cer file from the certificate, open **Manage user certificates**. Locate the certificate, typically in 'Certificates - Current User\Personal\Certificates', and right-click. Click **All Tasks**, and then click **Export**. This opens the **Certificate Export Wizard**. If you can't find the certificate under Current User\Personal\Certificates, you may have accidentally opened "Certificates - Local Computer", rather than "Certificates - Current User"). If you want to open Certificate Manager in current user scope using PowerShell, you type *certmgr* in the console window.
 
-   ![Screenshot shows the Certificate Manager with Certificates selected and a contextual menu with All tasks, then Export selected.](./media/certificates-for-backend-authentication/export.png)
+    > [!div class="mx-imgBorder"]
+    > ![Screenshot shows the Certificate Manager with Certificates selected and a contextual menu with All tasks, then Export selected.](./media/certificates-for-backend-authentication/export.png)
 
 2. In the Wizard, click **Next**.
-
-   ![Export certificate](./media/certificates-for-backend-authentication/exportwizard.png)
+    > [!div class="mx-imgBorder"]
+    > ![Export certificate](./media/certificates-for-backend-authentication/exportwizard.png)
 
 3. Select **No, do not export the private key**, and then click **Next**.
-
-   ![Do not export the private key](./media/certificates-for-backend-authentication/notprivatekey.png)
+    > [!div class="mx-imgBorder"]
+    > ![Do not export the private key](./media/certificates-for-backend-authentication/notprivatekey.png)
 
 4. On the **Export File Format** page, select **Base-64 encoded X.509 (.CER).**, and then click **Next**.
-
-   ![Base-64 encoded](./media/certificates-for-backend-authentication/base64.png)
+    > [!div class="mx-imgBorder"]
+    > ![Base-64 encoded](./media/certificates-for-backend-authentication/base64.png)
 
 5. For **File to Export**, **Browse** to the location to which you want to export the certificate. For **File name**, name the certificate file. Then, click **Next**.
 
-   ![Screenshot shows the Certificate Export Wizard where you specify a file to export.](./media/certificates-for-backend-authentication/browse.png)
+    > [!div class="mx-imgBorder"]
+   > ![Screenshot shows the Certificate Export Wizard where you specify a file to export.](./media/certificates-for-backend-authentication/browse.png)
 
 6. Click **Finish** to export the certificate.
 
-   ![Screenshot shows the Certificate Export Wizard after you complete the file export.](./media/certificates-for-backend-authentication/finish.png)
+    > [!div class="mx-imgBorder"]
+    > ![Screenshot shows the Certificate Export Wizard after you complete the file export.](./media/certificates-for-backend-authentication/finish.png)
 
 7. Your certificate is successfully exported.
 
-   ![Screenshot shows the Certificate Export Wizard with a success message.](./media/certificates-for-backend-authentication/success.png)
+    > [!div class="mx-imgBorder"]
+    > ![Screenshot shows the Certificate Export Wizard with a success message.](./media/certificates-for-backend-authentication/success.png)
 
    The exported certificate looks similar to this:
 
-   ![Screenshot shows a certificate symbol.](./media/certificates-for-backend-authentication/exported.png)
+    > [!div class="mx-imgBorder"]
+    > ![Screenshot shows a certificate symbol.](./media/certificates-for-backend-authentication/exported.png)
 
 ### Export CA certificate(s) from the public certificate
 
 Now that you've exported your public certificate, you will now export the CA certificate(s) from your public certificate. If you only have a root CA, you'll only need to export that certificate. However, if you have 1+ intermediate CAs, you'll need to export each of those as well. 
 
 1. Once the public key has been exported, open the file.
 
-   ![Open authorization certificate](./media/certificates-for-backend-authentication/openAuthcert.png)
+    > [!div class="mx-imgBorder"]
+    > ![Open authorization certificate](./media/certificates-for-backend-authentication/openAuthcert.png)
 
-   ![about certificate](./media/mutual-authentication-certificate-management/general.png)
+    > [!div class="mx-imgBorder"]
+    > ![about certificate](./media/mutual-authentication-certificate-management/general.png)
 
 1. Select the Certification Path tab to view the certification authority.
 
-   ![cert details](./media/mutual-authentication-certificate-management/certdetails.png) 
+    > [!div class="mx-imgBorder"]
+    > ![cert details](./media/mutual-authentication-certificate-management/cert-details.png) 
 
 1. Select the root certificate and click on **View Certificate**.
 
-   ![cert path](./media/mutual-authentication-certificate-management/rootcert.png) 
+    > [!div class="mx-imgBorder"]
+    > ![cert path](./media/mutual-authentication-certificate-management/root-cert.png) 
 
    You should see the root certificate details.
 
-   ![cert info](./media/mutual-authentication-certificate-management/rootcertdetails.png)
+    > [!div class="mx-imgBorder"]
+    > ![cert info](./media/mutual-authentication-certificate-management/root-cert-details.png)
 
 1. Select the **Details** tab and click **Copy to File...**
 
-   ![copy root cert](./media/mutual-authentication-certificate-management/rootcertcopytofile.png)
+    > [!div class="mx-imgBorder"]
+    > ![copy root cert](./media/mutual-authentication-certificate-management/root-cert-copy-to-file.png)
 
 1. At this point, you've extracted the details of the root CA certificate from the public certificate. You'll see the **Certificate Export Wizard**. Follow steps 2-7 from the previous section ([Export public certificate](./mutual-authentication-certificate-management.md#export-public-certificate)) to complete the Certificate Export Wizard. 
 
 1. Now repeat steps 2-6 from this current section ([Export CA certificate(s) from the public certificate](./mutual-authentication-certificate-management.md#export-ca-certificates-from-the-public-certificate)) for all intermediate CAs to export all intermediate CA certificates in the Base-64 encoded X.509(.CER) format.
 
-    ![intermediate cert](./media/mutual-authentication-certificate-management/intermediatecert.png)
+    > [!div class="mx-imgBorder"]
+    > ![intermediate cert](./media/mutual-authentication-certificate-management/intermediate-cert.png)
 
     For example, you would repeat steps 2-6 from this section on the *MSIT CAZ2* intermediate CA to extract it as its own certificate. 
 
 ### Concatenate all your CA certificates into one file
 
-15. Run the following command with all the CA certificates you extracted earlier. 
+1. Run the following command with all the CA certificates you extracted earlier. 
 
     Windows:
     ```console
@@ -107,7 +119,8 @@ Now that you've exported your public certificate, you will now export the CA cer
 
     Your resulting combined certificate should look something like the following:
     
-    ![combined cert](./media/mutual-authentication-certificate-management/combinedcert.png)
+    > [!div class="mx-imgBorder"]
+    > ![combined cert](./media/mutual-authentication-certificate-management/combined-cert.png)
 
 ## Next steps
 

articles/application-gateway/media/mutual-authentication-certificate-management/combinedcert.png renamed to articles/application-gateway/media/mutual-authentication-certificate-management/combined-cert.png

@@ -1,6 +1,6 @@
 ---
-title: Configure mutual authentication on Azure Application Gateway through Portal
-description: Learn how to configure an Application Gateway to have mutual authentication through Portal 
+title: Configure mutual authentication on Azure Application Gateway through portal
+description: Learn how to configure an Application Gateway to have mutual authentication through portal 
 services: application-gateway
 author: mscatyao
 ms.service: application-gateway
@@ -9,7 +9,7 @@ ms.date: 03/30/2021
 ms.author: caya
 ---
 
-# Configure mutual authentication with Application Gateway through Portal (Preview)
+# Configure mutual authentication with Application Gateway through portal (Preview)
 
 This article describes how to use the Azure portal to configure mutual authentication on your Application Gateway. Mutual authentication means Application Gateway authenticates the client sending the request using the client certificate you upload onto the Application Gateway. 
 
@@ -25,7 +25,7 @@ To learn more, especially about what kind of client certificates you can upload,
 
 First create a new Application Gateway as you would usually through the portal - there are no additional steps needed in the creation to enable mutual authentication. For more information on how to create an Application Gateway in portal, check out our [portal quickstart tutorial](./quick-create-portal.md).
 
-## Configure mutual authentication on an existing Application Gateway
+## Configure mutual authentication 
 
 To configure an existing Application Gateway with mutual authentication, you'll need to first go to the **SSL settings (Preview)** tab in the Portal and create a new SSL profile. When you create an SSL profile, you'll see two tabs: **Client Authentication** and **SSL Policy**. The **Client Authentication** tab is where you'll upload your client certificate(s). The **SSL Policy** tab is to configure a listener specific SSL policy - for more information, check out [Configuring a listener specific SSL policy](./application-gateway-configure-listener-specific-ssl-policy.md).
 
@@ -52,8 +52,8 @@ To configure an existing Application Gateway with mutual authentication, you'll
 7. Consider adding a listener specific policy. See instructions at [setting up listener specific SSL policies](./application-gateway-configure-listener-specific-ssl-policy.md).
 
 8. Select **Add** to save.
-
-![Add client authentication to SSL profile](./media/mutual-authentication-portal/mutual-authentication-portal.png)
+    > [!div class="mx-imgBorder"]
+    > ![Add client authentication to SSL profile](./media/mutual-authentication-portal/mutual-authentication-portal.png)
 
 ## Associate the SSL profile with a listener
 
@@ -75,7 +75,8 @@ Now that we've created an SSL profile with mutual authentication configured, we
 
 8. Click **Add** to save your new listener with the SSL profile associated to it. 
 
-![Associate SSL profile to new listener](./media/mutual-authentication-portal/mutual-authentication-listener-portal.png)
+    > [!div class="mx-imgBorder"]
+    > ![Associate SSL profile to new listener](./media/mutual-authentication-portal/mutual-authentication-listener-portal.png)
 
 ## Renew expired client CA certificates
 

articles/application-gateway/media/mutual-authentication-certificate-management/intermediatecert.png renamed to articles/application-gateway/media/mutual-authentication-certificate-management/intermediate-cert.png

@@ -138,26 +138,26 @@ Remove-AzResourceGroup -Name $rgname
 In the case that your client CA certificate has expired, you can update the certificate on your gateway through the following steps: 
 
 1. Sign in to Azure
-```azurepowershell
-Connect-AzAccount
-Select-AzSubscription -Subscription "<sub name>"
-```
+    ```azurepowershell
+    Connect-AzAccount
+    Select-AzSubscription -Subscription "<sub name>"
+    ```
 2. Get your Application Gateway configuration
-```azurepowershell
-$gateway = Get-AzApplicationGateway -Name "<gateway-name>" -ResourceGroupName "<resource-group-name>"
-```
+    ```azurepowershell
+    $gateway = Get-AzApplicationGateway -Name "<gateway-name>" -ResourceGroupName "<resource-group-name>"
+    ```
 3. Remove the trusted client certificate from the gateway 
-```azurepowershell
-Remove-AzApplicationGatewayTrustedClientCertificate -Name "<name-of-client-certificate>" -ApplicationGateway $gateway
-``` 
+    ```azurepowershell
+    Remove-AzApplicationGatewayTrustedClientCertificate -Name "<name-of-client-certificate>" -ApplicationGateway $gateway
+    ``` 
 4. Add the new certificate onto the gateway 
-```azurepowershell
-Add-AzApplicationGatewayTrustedClientCertificate -ApplicationGateway $gateway -Name "<name-of-new-cert>" -CertificateFile "<path-to-certificate-file>"
-```
+    ```azurepowershell
+    Add-AzApplicationGatewayTrustedClientCertificate -ApplicationGateway $gateway -Name "<name-of-new-cert>" -CertificateFile "<path-to-certificate-file>"
+    ```
 5. Update the gateway with the new certificate 
-```azurepowershell
-Set-AzApplicationGateway -ApplicationGateway $gateway
-```
+    ```azurepowershell
+    Set-AzApplicationGateway -ApplicationGateway $gateway
+    ```
 
 ## Next steps
 

articles/application-gateway/media/mutual-authentication-certificate-management/rootcertcopytofile.png renamed to articles/application-gateway/media/mutual-authentication-certificate-management/root-cert-copy-to-file.png

@@ -111,8 +111,8 @@ There are two potential causes behind this error code.
 #### Solution
 
 Depending on the cause of this error, there are two potential solutions. 
-1. Validate that the certificate chain uploaded was in the right format (PEM) and that the certificate data was properly delimited. 
-2. Check that the certificate file uploaded contained the certificate data in addition to the delimiters. 
+* Validate that the certificate chain uploaded was in the right format (PEM) and that the certificate data was properly delimited. 
+* Check that the certificate file uploaded contained the certificate data in addition to the delimiters. 
 
 ### Error code: ApplicationGatewayTrustedClientCertificateDoesNotContainAnyCACertificate