From ea06bb891553555d3d678589f96655acd8fd5a82 Mon Sep 17 00:00:00 2001
From: Ti Chi Robot
Date: Tue, 30 Apr 2024 16:58:02 +0800
Subject: [PATCH] fix pd cert allowed cn description (#17259) (#17265)
---
 enable-tls-between-components.md | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)
diff --git a/enable-tls-between-components.md b/enable-tls-between-components.md
index cb44e834b086..74d8639400fb 100644
--- a/enable-tls-between-components.md
+++ b/enable-tls-between-components.md
@@ -138,16 +138,17 @@ summary: 了解如何为 TiDB 集群内各组件间开启加密传输。
 如希望进行组件调用者身份认证,需要在生证书时通过 `Common Name` 标识证书使用者身份,并在被调用者配置检查证书 `Common Name` 列表来检查调用者身份。
+> **注意:**
+>
+> 目前 PD 的 `cert-allowed-cn` 配置项只能设置一个值。因此所有认证对象的 `commonName` 都要设置成同一个值。
+
 - TiDB
 在 `config` 文件或命令行参数中设置:
 ```toml
 [security]
- cluster-verify-cn = [
- "TiDB-Server",
- "TiKV-Control",
- ]
+ cluster-verify-cn = ["TiDB"]
 ```
 - TiKV
@@ -156,9 +157,7 @@ summary: 了解如何为 TiDB 集群内各组件间开启加密传输。
 ```toml
 [security]
- cert-allowed-cn = [
- "TiDB-Server", "PD-Server", "TiKV-Control", "RawKvClient1",
- ]
+ cert-allowed-cn = ["TiDB"]
 ```
 - PD
@@ -167,7 +166,7 @@ summary: 了解如何为 TiDB 集群内各组件间开启加密传输。
 ```toml
 [security]
- cert-allowed-cn = ["TiKV-Server", "TiDB-Server", "PD-Control"]
+ cert-allowed-cn = ["TiDB"]
 ```
 - TiFlash(从 v4.0.5 版本开始引入)
@@ -176,14 +175,14 @@ summary: 了解如何为 TiDB 集群内各组件间开启加密传输。
 ```toml
 [security]
- cert_allowed_cn = ["TiKV-Server", "TiDB-Server"]
+ cert_allowed_cn = ["TiDB"]
 ```
 在 `tiflash-learner.toml` 文件中设置:
 ```toml
 [security]
- cert-allowed-cn = ["PD-Server", "TiKV-Server", "TiFlash-Server"]
+ cert-allowed-cn = ["TiDB"]
 ```
 ## 证书重新加载