openconfig · morrowc · Dec 28, 2024 · Dec 28, 2024 · Jan 4, 2025
diff --git a/certz/README.md b/certz/README.md
@@ -38,9 +38,10 @@ The normal use-case would be to:
 SSL profiles logically group a certificate (private and public keys),
 Certificate Authority chain of certificates (a.k.a. a CA trust bundle) and
 a set of Certificate Revocation Lists into a set that then can be assigned
-as a whole to a gRPC server.
+as a whole to a gRPC service.
 
-There is always at least one profile present on a target - the `system_default_profile` which is vendor provided.
+There is always at least one profile present on a target - the `system_default_profile`
+which is vendor provided.
 This profile cannot be changed or deleted.
 See the the [System default SSL profile](#system-default-ssl-profile) section below.
 
@@ -49,9 +50,9 @@ Profiles existing on a target can be discovered using the
 
 A SSL profile can be added using the `Certz.AddProfile()` RPC.
 
-When no longer a profile is needed it can be removed from the target via
-`Certz.DeleteProfile()` RPC. Note that the gNxI SSL profile cannot be
-removed.
+When a profile is no longer needed it can be removed from the target via
+`Certz.DeleteProfile()` RPC. Note that the system_default_profile SSL
+profile cannot be removed.
 
 The SSL profile ID of a gRPC server is exposed in the YANG leaf
 `ssl-profile-id` which is an augment to the

diff --git a/certz/certz.proto b/certz/certz.proto
@@ -81,6 +81,8 @@ option go_package = "github.com/openconfig/gnsi/cert";
 // There is at least one SSL profile present on the target, the one that is used
 // by all gNxI microservices. It is created during the bootstrap phase and
 // cannot be removed.
+// SSL profiles maybe used by client, server or both services on the target
+// device.
 // Other services that require credentials _can_ use the same SSL profile as
 // the gNxI server or they can use a SSL profiles that is created using
 // the `AddProfile()` RPC. In any case, the assignment of a SSL profile to