Feature/412820 SSL/TLS certificate documentation for Directory Manager

[ivan-zamkovyi-nwx]

Add comprehensive SSL/TLS certificate documentation for Directory Manager 11.1 to address stricter certificate validation requirements introduced in the upgrade.

Changes:

• New requirements page: SSL Certificate for LDAP/Authentication (requirements/sslcertificate.md) detailing certificate installation location, validity requirements, and installation steps
• Enhanced upgrade guide: Added critical pre-upgrade Step 2.1 with certificate verification checklist and troubleshooting warnings
• New KB article: SSL Certificate Connection Failures (kb/.../ssl_certificate_connection_failures.md) covering symptoms, root causes, diagnostics, and resolution steps
• Supporting images: Added 2 screenshots showing certificate validity and chain verification

[github-actions]

Documentation PR Review

Editorial Review

docs/directorymanager/11.1/install/upgrade/upgrade.md

• Structure — Line 26: "Step 2.1" uses a non-standard numbering format inconsistent with the rest of the procedure, which uses Step N – (em dash) followed by a single-sentence action. A sub-step numbered 2.1 implies this is part of Step 2, but Step 2 is already complete. Consider renaming this as a prerequisite section before the numbered steps begin, or restructuring it as a standalone :::warning admonition placed before Step 3 to surface the requirement without breaking the step sequence. Suggested fix: Convert the entire section to a :::warning admonition placed between Step 2 and Step 3 with a title like "Verify SSL/TLS certificates before continuing."

• Structure — Line 28: **CRITICAL PRE-UPGRADE STEP** uses bold text as an informal alarm rather than an established admonition type. The :::warning admonition at lines 51–54 already handles this signal — the redundant label before the verification steps adds noise. Suggested fix: Remove the bold label and let the :::warning admonition carry the urgency.

• Structure — Lines 32 and 56: **Verification Steps:** and **If any certificates are missing or invalid:** use bold text as pseudo-headings. Netwrix docs use proper heading levels, not bold for section labels. Suggested fix: Use #### headings for these two labels, or restructure the content so the headings are not needed (e.g., fold the remediation block into the :::warning admonition).

• Clarity — Lines 52–53: The :::warning admonition uses NOT and FAIL in all-caps. Netwrix documentation uses sentence case throughout; emphasis belongs in bold or in the admonition type itself, not all-caps. Suggested fix: "Connections using self-signed certificates not in the Trusted Root CA store will fail after upgrade. Authentication and LDAP operations will be blocked if certificates are invalid."

• Clarity — Line 57: STOP is all-caps. Same rule applies. Suggested fix: "Stop the upgrade process."

• Clarity — Line 58: Install/update certificates uses a slash where the meaning is "install or update." Slashes in prose are ambiguous. Suggested fix: "Install or update the certificates."

• Completeness — Lines 51–59: The warning block tells the reader to stop and fix certificates but provides no link to where they can learn how. The new sslcertificate.md page covers exactly this. Suggested fix: Add a cross-reference, e.g., "See SSL Certificate for LDAP/Authentication for installation steps."

---

docs/directorymanager/11.1/requirements/sslcertificate.md

• Clarity — Line 7: The H1 heading reads "SQL Certificate for Windows Authentication" but the page covers SSL/TLS certificates, not SQL. This appears to be a typo. The frontmatter title is "SSL Certificate for LDAP/Authentication," which is correct. The H1 and frontmatter title also don't match each other. Suggested fix: Change the H1 to "SSL Certificate for LDAP and Authentication" (or match the frontmatter title exactly).

• Structure — Lines 12, 18, 30: All three section headings use #### (H4), but there are no H2 or H3 headings in the document. Skipping heading levels violates Netwrix structure standards and breaks accessibility. The page has one H1 and then jumps directly to H4. Suggested fix: Change all three #### headings to ## (H2) headings: ## Certificate installation location, ## Certificate validity requirements, ## Installation steps for self-signed certificates.

• Clarity — Line 21: "Certificate must not be null — A valid certificate must be presented" uses internal developer language ("null") that has no meaning to an IT administrator. A user cannot present a null certificate; they either have one configured or they don't. Suggested fix: Remove this item or rephrase as: "A valid certificate must be configured for the service."

• Completeness — Line 28: "Root certificate thumbprint must match" — match what? The statement is incomplete. A reader following this step has no way to know what they are comparing the thumbprint against or where to find the expected value. Suggested fix: Clarify what the thumbprint must match, e.g., "The root certificate thumbprint must match the certificate configured in Directory Manager Admin Center."

• Completeness — Line 48: The page ends after "Restart the Directory Manager Admin Center service/application pool" with no guidance on how to verify the installation succeeded. A reader who completes these steps has no way to confirm the certificate is trusted and working. Suggested fix: Add a verification step, e.g., "Open certlm.msc, navigate to Trusted Root Certification Authorities → Certificates, and confirm the imported certificate appears in the list."

---

docs/directorymanager/11.1/requirements/permissions/overview.md

No issues found. (Only change is a sidebar_position metadata update.)

---

Summary

9 editorial suggestions across 2 files. Vale and Dale issues are auto-fixed separately.

---

What to do next:

Comment @claude on this PR followed by your instructions to get help:

• @claude fix all issues — fix all editorial issues
• @claude help improve the flow of this document — get writing assistance
• @claude explain the voice issues — understand why something was flagged

You can ask Claude anything about the review or about Netwrix writing standards.

Automated fixes are only available for branches in this repository, not forks.

[github-actions]

Auto-Fix Summary

19 issues fixed, 3 skipped across 3 files

Category	Fixes
Contractions	5
Plurals	2
Substitutions	1
FollowTheStepsTo (rewrite)	1
OxfordComma (rewrite)	1
Dale: passive-voice	7
Dale: wordiness	2

Skipped (needs manual review)	Reason

| docs/directorymanager/11.1/requirements/sslcertificate.md:21 — Dale: passive-voice | Requirement-list phrasing ('A valid certificate must be presented'); changing the subject would alter the meaning of a criteria statement |
| docs/directorymanager/11.1/requirements/sslcertificate.md:25 — Dale: passive-voice | Requirement-list phrasing ('Chain must build successfully'); acceptable as a criteria item without an explicit subject |
| docs/directorymanager/11.1/install/upgrade/upgrade.md:172 — Dale: passive-voice | Describes historical behavior of the old system ('reports were generated'); passive voice is intentional for describing prior system state |

Ask @claude on this PR if you'd like an explanation of any fix.