From 69d561e15e7bcc71f395b2e023e365467b0c9cd1 Mon Sep 17 00:00:00 2001 From: Michael Schurter Date: Fri, 11 Aug 2017 20:20:11 -0700 Subject: [PATCH] Add openssl rand example; reword intermediate CAs Thanks @jvoorhis! --- website/source/guides/tls.html.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/website/source/guides/tls.html.md b/website/source/guides/tls.html.md index ce3e66099..bef4b4984 100644 --- a/website/source/guides/tls.html.md +++ b/website/source/guides/tls.html.md @@ -48,9 +48,8 @@ be signed by the same Certificate Authority (CA). This should be a _private_ CA and not a public one like [Let's Encrypt][letsencrypt] as any certificate signed by this CA will be allowed to communicate with the cluster. -~> Nomad certificates may be signed by different intermediate CAs as long as - the full `ca_file` on each node contains all of the CA certificates in the - chain. +~> Nomad certificates may be signed by intermediate CAs as long as the root CA + is the same. Append all intermediate CAs to the `cert_file`. ### Certificate Authority @@ -367,10 +366,10 @@ cg8StVXbQJ0gPvMd9o7yrg== Alternatively, you can use any method that base64 encodes 16 random bytes: ```text +$ openssl rand -base64 16 +raZjciP8vikXng2S5X0m9w== $ dd if=/dev/urandom bs=16 count=1 status=none | base64 LsuYyj93KVfT3pAJPMMCgA== -$ python -c 'import base64; print base64.b64encode(open("/dev/urandom").read(16))' -uTI2KkW+5WrRTETEfc0ZBQ== ``` Put the same generated key into every server's configuration file or command
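Review bot: In the `@@ -48,9 +48,8 @@` hunk, the reworded `~>` note no longer says what `ca_file` must contain. The removed text put the whole chain in `ca_file`; the new text moves the intermediates to `cert_file` and leaves `ca_file` unmentioned, so a reader following the earlier guidance cannot tell whether the intermediates should now come out of `ca_file`. Suggest stating both halves explicitly, for example that `ca_file` holds the shared root CA and `cert_file` holds the node certificate followed by its intermediates, if that is the intent. The order is also worth spelling out, since "Append" only implies it.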
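Review bot: In the `@@ -367,10 +366,10 @@` hunk, the added `openssl rand -base64 16` example prints a concrete key (`raZjciP8vikXng2S5X0m9w==`) directly above the instruction to put the generated key into every server's configuration, and nothing marks the printed values as sample output. Suggest a sentence after the block saying the values shown are examples only and that a fresh key must be generated for each cluster. The hunk also drops the `python -c` one-liner, which the commit subject ("Add openssl rand example; reword intermediate CAs") does not mention; the removal and its reason belong in the commit message.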