Incorporating PM inputs

Author: netapp-manishc

articles/azure-netapp-files/media/object-rest-api-access-configure/create-bucket.png

@@ -24,26 +24,30 @@ Azure NetApp Files now supports two certificate workflows for Object REST API ac
 1. Azure Key Vault–based certificates, which are created and selected by reference during bucket creation 
 1. Direct certificate upload, where PEM certificates are generated locally and uploaded at bucket creation time.
 
+### Using Azure Key Vault as the certificate source
 
+When creating the certificate, ensure:
+
+* the **Content Type** is set to PKCS#12 
+* the **Subject** field is set to the IP address or fully qualified domain name (FQDN) of your Azure NetApp Files endpoint using the format `"CN=<IP or FQDN>"`
+* the **DNS Names** entry specifies the IP address or FQDN
+
+### Upload the certificate manually
 <!-- DNS? -->
 
-### [Portal](#tab/portal)
+#### [Portal](#tab/portal)
 
 See the [Azure Key Vault documentation for adding a certificate to Key Vault](/azure//key-vault/certificates/quick-create-portal#add-a-certificate-to-key-vault). 
 
 When creating the certificate, ensure:
 
-* the **Content Type** is set to PKCS#12 
-
->NOTE
->The PEM content type can still be used if the certificate is not stored in Azure Key Vault.
-
+* the **Content Type** is set to PEM 
 * the **Subject** field is set to the IP address or fully qualified domain name (FQDN) of your Azure NetApp Files endpoint using the format `"CN=<IP or FQDN>"`
 * the **DNS Names** entry specifies the IP address or FQDN
 
 :::image type="content" source="./media/object-rest-api-access-configure/create-certificate.png" alt-text="Screenshot of create certificate options." lightbox="./media/object-rest-api-access-configure/create-certificate.png":::
 
-### [Script](#tab/script)
+#### [Script](#tab/script)
 
 This script creates a certificate locally. Set the computer name `CN=` to the IP address or fully qualified domain name (FQDN) of your object REST API-enabled endpoint. This script creates a folder that includes the necessary PEM file and private keys. 
 
@@ -101,24 +105,20 @@ To enable object REST API, you must create a bucket.
 
         Select Read or Read-Write. 
 
-    :::image type="content" source="./media/object-rest-api-access-configure/create-bucket.png" alt-text="Screenshot of create a bucket menu." lightbox="./media/object-rest-api-access-configure/create-bucket.png":::
-
-1. If you haven't provided a certificate, you can do one of the following:
-
-    1. If the certificate was generated and stored in Key Vault, use the PKCS#12 certificate  directly from the Azure Key Vault.  
-
-    1. If the certificate was generated locally (PEM), upload the PEM file by providing the following information:
-
     * **Fully qualified domain name**
 
         Enter the fully qualified domain name. 
 
-    * **Certificate source**
+    :::image type="content" source="./media/object-rest-api-access-configure/create-bucket.png" alt-text="Screenshot of create a bucket menu." lightbox="./media/object-rest-api-access-configure/create-bucket.png":::
+
+
+1. For the **Certificate source**, you can do one of the following:
 
-        Upload the appropriate certificate. Only PEM files are supported. 
+    1. To use a certificate stored in the Azure Key Vault, select **Azure Key Vault** and use the PKCS#12 certificate directly from the Azure Key Vault.  
 
-    Select **Save**. 
+    1. To upload the certificate manually, select **Upload Certificate** and upload the PEM) certificate.
 
+  
 1. Select **Create**. 
 
 After you create a bucket, you need to generate credentials to access the bucket.