From c135d34b0ab0ab312007875d869b86edd2b041ad Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Mon, 2 Dec 2024 16:39:34 -0500 Subject: [PATCH] docs: update db self-hosted for custom ca (#49599) --- .../includes/database-access/self-hosted-introduction.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/pages/includes/database-access/self-hosted-introduction.mdx b/docs/pages/includes/database-access/self-hosted-introduction.mdx index da9db52cd28e3..5fcd5bd3e7f08 100644 --- a/docs/pages/includes/database-access/self-hosted-introduction.mdx +++ b/docs/pages/includes/database-access/self-hosted-introduction.mdx @@ -5,14 +5,14 @@ system](../../enroll-resources/database-access/rbac.mdx). The Teleport Database Service proxies traffic from database clients to self-hosted databases in your infrastructure. Teleport maintains a certificate -authority for database clients. You configure your database to trust the +authority (CA) for database clients. You configure your database to trust the Teleport database client CA, and the Teleport Database Service presents certificates signed by this CA when proxying user traffic. With this setup, there is no need to store long-lived credentials for self-hosted databases. Meanwhile, the Teleport Database Service verifies self-hosted databases by checking their TLS certificates against either the Teleport database CA or a -custom CA chosen by the user. +custom CA used with the database. In this guide, you will: