Commit 88c1293

Merge pull request #6727 from EnterpriseDB/docs/edits_to_pem10_group1
Edits to PEM 10 - first set
2 parents fe1ca3c + 7dfa3cd commit 88c1293

File tree

5 files changed

+35
-34
lines changed
  • install_template/templates/products/postgres-enterprise-manager-server
  • product_docs/docs

install_template/templates/products/postgres-enterprise-manager-server/base.njk

Lines changed: 1 addition & 1 deletion
@@ -93,7 +93,7 @@ For more details, see [Configuring the PEM server on Linux](../configuring_the_p
9393

9494
!!! Note
9595

96-
- The operating system user pem is created while installing the PEM server. The pem application data and the session is saved to this user's home directory.
96+
- The operating system user pem is created while installing the PEM server. The PEM application data and the session is saved to this user's home directory.
9797

9898
## Supported locales
9999
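
Review bot: in the rewritten line 96, the compound subject "The PEM application data and the session" still takes "is saved"; it should read "are saved". The operating system user name pem in the same sentence is also easy to confuse with the product name now that "PEM" is capitalized right after it, so consider formatting the user name as `pem`.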

product_docs/docs/epas/13/epas_guide/03_database_administration/02_index_advisor/index.mdx

Lines changed: 1 addition & 1 deletion
@@ -18,7 +18,7 @@ There are three ways to use Index Advisor to analyze SQL queries:
1818

1919
- Provide queries at the EDB-PSQL command line that you want Index Advisor to analyze.
2020

21-
- Access Index Advisor through the Postgres Enterprise Manager client. When accessed via the PEM client, Index Advisor works with SQL Profiler, providing indexing recommendations on code captured in SQL traces. For more information about using SQL Profiler with PEM, see the [Using the SQL Profiler](/pem/latest/profiling_workloads/using_sql_profiler.mdx) and [Using the Index Advisor](03_using_index_advisor.mdx).
21+
- Access Index Advisor through the Postgres Enterprise Manager client. When accessed via the PEM client, Index Advisor works with SQL Profiler, providing indexing recommendations on code captured in SQL traces. For more information about using SQL Profiler with PEM, see the [Using SQL Profiler](/pem/latest/profiling_workloads/using_sql_profiler.mdx) and [Using Index Advisor](03_using_index_advisor.mdx).
2222

2323
Index Advisor will attempt to make indexing recommendations on `INSERT`, `UPDATE`, `DELETE` and `SELECT` statements. When invoking Index Advisor, you supply the workload in the form of a set of queries (if you are providing the command in an SQL file) or an `EXPLAIN` statement (if you are specifying the SQL statement at the psql command line). Index Advisor displays the query plan and estimated execution cost for the supplied query, but does not actually execute the query.
2424
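
Review bot: line 21 still reads "see the [Using SQL Profiler]" after the article was dropped from both link titles, so the leftover "the" now sits in front of a gerund title. Remove it so the sentence reads "see [Using SQL Profiler](...) and [Using Index Advisor](...)", which matches the version 14 and 15 files changed in this commit.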

product_docs/docs/epas/14/epas_guide/03_database_administration/02_index_advisor/index.mdx

Lines changed: 1 addition & 1 deletion
@@ -16,7 +16,7 @@ You can use Index Advisor to analyze SQL queries in any of these ways:
1616

1717
- Invoke the Index Advisor utility program, supplying a text file containing the SQL queries that you want to analyze. Index Advisor generates a text file with `CREATE INDEX` statements for the recommended indexes.
1818
- Provide queries at the EDB-PSQL command line that you want Index Advisor to analyze.
19-
- Access Index Advisor through the Postgres Enterprise Manager (PEM) client. When accessed using the PEM client, Index Advisor works with SQL Profiler, providing indexing recommendations on code captured in SQL traces. For more information about using SQL Profiler with PEM, see [Using the SQL Profiler](/pem/latest/profiling_workloads/using_sql_profiler.mdx) and [Using the Index Advisor](03_using_index_advisor.mdx).
19+
- Access Index Advisor through the Postgres Enterprise Manager (PEM) client. When accessed using the PEM client, Index Advisor works with SQL Profiler, providing indexing recommendations on code captured in SQL traces. For more information about using SQL Profiler with PEM, see [Using SQL Profiler](/pem/latest/profiling_workloads/using_sql_profiler.mdx) and [Using Index Advisor](03_using_index_advisor.mdx).
2020
Index Advisor attempts to make indexing recommendations on `INSERT`, `UPDATE`, `DELETE`, and `SELECT` statements. When invoking Index Advisor, you supply the workload in the form of either:
2121

2222
- If you're providing the command in an SQL file, a set of queries

product_docs/docs/epas/15/managing_performance/02_index_advisor/index_advisor_overview.mdx

Lines changed: 1 addition & 1 deletion
@@ -9,7 +9,7 @@ You can use Index Advisor to analyze SQL queries in any of these ways:
99

1010
- Invoke the Index Advisor utility program, supplying a text file containing the SQL queries that you want to analyze. Index Advisor generates a text file with `CREATE INDEX` statements for the recommended indexes.
1111
- Provide queries at the EDB-PSQL command line that you want Index Advisor to analyze.
12-
- Access Index Advisor through the Postgres Enterprise Manager (PEM) client. When accessed using the PEM client, Index Advisor works with SQL Profiler, providing indexing recommendations on code captured in SQL traces. For more information about using SQL Profiler and Index Advisor with PEM, see [Using the SQL profiler](/pem/latest/profiling_workloads/using_sql_profiler.mdx) and [Using the Index Advisor](03_using_index_advisor.mdx).
12+
- Access Index Advisor through the Postgres Enterprise Manager (PEM) client. When accessed using the PEM client, Index Advisor works with SQL Profiler, providing indexing recommendations on code captured in SQL traces. For more information about using SQL Profiler and Index Advisor with PEM, see [Using SQL profiler](/pem/latest/profiling_workloads/using_sql_profiler.mdx) and [Using Index Advisor](03_using_index_advisor.mdx).
1313

1414
Index Advisor attempts to make indexing recommendations on `INSERT`, `UPDATE`, `DELETE`, and `SELECT` statements. When invoking Index Advisor, you supply the workload in the form of either:
1515
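
Review bot: the new link text on line 12 is "Using SQL profiler" with a lowercase "profiler", while the same sentence writes "SQL Profiler" and the version 13 and 14 files in this commit use "Using SQL Profiler". Capitalize it here as well so the three versions stay consistent.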

product_docs/docs/pem/10/certificates/index.mdx

Lines changed: 31 additions & 30 deletions
@@ -18,10 +18,10 @@ PEM uses SSL certificates:
1818
- To secure requests to the [web server](#web-server-certificates), which provides the user interface and REST API.
1919
- To secure and authenticate the [PEM agent connections to the PEM backend database](#pem-backend-database-server-and-agent-connection-certificates).
2020

21-
## Web-server certificates
21+
## Web server certificates
2222

2323
PEM generates an SSL certificate and key file for the web server during initial configuration.
24-
Because the certificate is self-signed, users will see a warning that the site is insecure when they open the PEM web application URL in their browser.
24+
Because the certificate is self-signed, a warning states that the site is insecure when users open the PEM web application URL in a browser.
2525

2626
To increase security and remove this warning, you can replace the self-signed SSL certificate with a certificate signed by a trusted certificate authority.
2727

@@ -37,13 +37,13 @@ Change the server name and file paths in the configuration file to match your ce
3737
```text
3838
server {
3939
# lines omitted here
40-
server_name yourdomain.com;
40+
server_name <yourdomain.com>;
4141
# lines omitted here
4242
}
4343
4444
server {
4545
# lines omitted here
46-
server_name yourdomain.com;
46+
server_name <yourdomain.com>;
4747
4848
ssl_certificate /path/to/your_domain_name.crt
4949
ssl_certificate_key /path/to/your_private.key
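
Review bot: lines 40 and 46 now mark the server name as a placeholder with angle brackets, but the `ssl_certificate` and `ssl_certificate_key` paths on lines 48 and 49 are placeholders too and stay unbracketed, so the block mixes two conventions. Those two directives also lack the terminating `;` that the `server_name` lines have and that nginx-style configuration requires, so a reader who copies the block and substitutes real paths gets a file that fails to load. Suggest one placeholder style across the block and adding the semicolons.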
@@ -70,12 +70,12 @@ For a worked example, see [Replacing httpd self-signed SSL certificates](https:/
7070
## PEM backend database server and agent connection certificates
7171

7272
PEM implements secured SSL/TLS connections between PEM agents and the backend database.
73-
Each agent has an SSL certificate which is used both to encrypt its communication with the server and to authenticate with the server in place of a password.
73+
Each agent has an SSL certificate that's used both to encrypt its communication with the server and to authenticate with the server in place of a password.
7474

75-
PEM uses the sslutils extension to allow the PEM server to generate and sign SSL certificates and keys. When a new agent is registered, the PEM server automatically issues it with a certificate.
75+
PEM uses the sslutils extension to allow the PEM server to generate and sign SSL certificates and keys. When a new agent is registered, the PEM server issues it a certificate.
7676
Certificates issued by the PEM server are signed by the PEM server, meaning the PEM server is acting as a certificate authority (CA).
7777

78-
If the above is not suitable, you can use SSL certificates and keys generated outside of PEM and signed by a trusted CA.
78+
If this approach isn't suitable, you can use SSL certificates and keys generated outside of PEM and signed by a trusted CA.
7979
For more information, see [Trusted CA certificates and keys](#use-certificates-and-keys-signed-by-trusted-ca).
8080

8181
### Certificates and key files on the PEM server
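
Review bot: line 79 links to `#use-certificates-and-keys-signed-by-trusted-ca` with the link text "Trusted CA certificates and keys", which doesn't match the heading wording implied by that slug. This commit makes the same kind of correction on line 114 for "Generate a common agent certificate and key pair", so align this link text with its heading title as well.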
@@ -90,7 +90,7 @@ During initial configuration of the PEM server, the following files are generate
9090
- `server.key`
9191

9292
The `ca_certificate.crt` and `ca_key.key` files are used by the PEM server to sign certificates generated for agents during agent registration.
93-
They are also used to sign `server.crt`. Unless replaced manually, the 'ca_certificate.crt' file is a self-signed certificate because is acting as the root CA.
93+
They're also used to sign `server.crt`. Unless replaced manually, the 'ca_certificate.crt' file is a self-signed certificate because it's acting as the root CA.
9494

9595
The `root.crt` file is a copy of the `ca_certificate.crt` file. The `ssl_ca_file` parameter in the `postgresql.conf` file points to this file.
9696
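
Review bot: on line 93 the file name is written as 'ca_certificate.crt' in single quotes, while every other file name in this hunk, including the same file on line 92, uses backticks. Since the line is being edited anyway, change it to `ca_certificate.crt`.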

@@ -100,33 +100,33 @@ The `ssl_crl_file` parameter in the `postgresql.conf` file points to this file.
100100
The `server.crt` file is the signed certificate for the PEM server, and the `server.key` file is the private key to the certificate.
101101
The `ssl_cert_file` parameter in the `postgresql.conf` file points to this file.
102102

103-
These files are automatically renewed when they near their expiry date, see [PEM CA certificate renewal](#pem-certificate-renewal).
103+
These files are automatically renewed when they near their expiry date. See [PEM CA certificate renewal](#pem-certificate-renewal).
104104

105105
### Certificates and key files for PEM agents
106106

107107
Each agent's SSL certificate and keys are generated during [agent registration](../registering_agent).
108108
The PEM agent connects to the PEM backend database server using the libpq interface, acting as a client of the backend database server.
109-
The PEM agent connect to the server using the `cert` auth method and with ssl enabled.
110-
This means that the connection is encrypted using the agent's key and authenticated using the agent's certificate (rather than a password, for example).
109+
The PEM agent connects to the server using the `cert` auth method and with ssl enabled.
110+
This means that the connection is encrypted using the agent's key and authenticated using the agent's certificate instead of, for example, a password.
111111

112112
Each agent has a unique identifier, and the agent certificates and keys have the corresponding identifier.
113113

114-
If required, you can use the same certificate for all agents rather than one certificate per agent. For more information, see [Generate common agent certificate and key pair](#generate-a-common-agent-certificate-and-key-pair).
114+
If required, you can use the same certificate for all agents rather than one certificate per agent. For more information, see [Generate a common agent certificate and key pair](#generate-a-common-agent-certificate-and-key-pair).
115115

116-
For more information on using the SSL certificates to connect in Postgres, see [Securing TCP/IP connections with SSL](https://www.postgresql.org/docs/current/ssl-tcp.html).
116+
For more information on using the SSL certificates to connect in Postgres, see [Securing TCP/IP connections with SSL](https://www.postgresql.org/docs/current/ssl-tcp.html) in the Postgres documentation.
117117

118118
### PEM certificate renewal
119119

120-
SSL certificates have an expiry date. If you are using certificates and keys generated by PEM, they are automatically replaced before expiring.
120+
SSL certificates have an expiry date. If you're using certificates and keys generated by PEM, PEM replaces them before they expire.
121121
The PEM agent installed with the PEM server monitors the expiration date of the `ca_certificate.crt` file. When the certificate is about to expire, PEM:
122122

123-
- Makes a backup of the existing certificate files
124-
- Creates new certificate files and appends the new CA certificate file to the `root.crt` file on the PEM server
125-
- Creates a job to renew the certificate file for any active agents
126-
- Restarts the PEM server
123+
- Makes a backup of the existing certificate files.
124+
- Creates new certificate files and appends the new CA certificate file to the `root.crt` file on the PEM server.
125+
- Creates a job to renew the certificate file for any active agents.
126+
- Restarts the PEM server.
127127

128128
!!! Important
129-
If you choose to either provide your own certificates, or use a single certificate for all agents, you should disable the automatic renewal job.
129+
If you choose to provide your own certificates or use a single certificate for all agents, disable the automatic renewal job.
130130
On the PEM server, execute the following SQL:
131131

132132
```sql
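
Review bot: line 110 says the connection is "encrypted using the agent's key", which overstates what the client key does. In a TLS session the agent's private key proves possession of the certificate for the `cert` auth method, and the traffic is encrypted with session keys negotiated in the handshake; suggest "the connection is encrypted with SSL, and the agent is authenticated using its certificate and key instead of, for example, a password". In the same hunk, line 109 should capitalize "SSL", and the link text "PEM CA certificate renewal" on line 103 doesn't match the heading "PEM certificate renewal" on line 118.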
@@ -136,7 +136,7 @@ WHERE jobname = 'Check CA certificate expiry';
136136
```
137137
!!!
138138

139-
If you need to regenerate the server or agent certificates manually, please see:
139+
If you need to regenerate the server or agent certificates manually, see:
140140
- [Regenerating the server SSL certificates](replacing_ssl_certificates)
141141
- [Regenerating agent SSL certificates](regenerating_agent_certificates)
142142

@@ -146,7 +146,7 @@ By creating and using a single Postgres user for all PEM agents rather than one
146146

147147
Create a user, generate an agent certificate and key pair, and use them for all PEM agents.
148148

149-
1. Create one common agent user in the PEM backend database. Grant the `pem_agent` role to the user.
149+
1. Create one common agent user in the PEM backend database. Grant the pem_agent role to the user.
150150

151151
```shell
152152
# Running as enterprisedb
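
Review bot: line 149 drops the code formatting from `pem_agent`, but it's a literal identifier the reader has to enter exactly when granting the role, and other identifiers in this file, such as `agent_user` on line 212, keep their backticks. Keep it as `pem_agent`, or apply the no-formatting rule for role names consistently across the page.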
@@ -176,7 +176,7 @@ Create a user, generate an agent certificate and key pair, and use them for all
176176
openssl x509 -req -days 365 -in agent.csr -CA ca_certificate.crt -CAkey ca_key.key -CAcreateserial -out agent.crt
177177
```
178178

179-
1. Change the permissions on the `agent.crt` and `agent.key` file:
179+
1. Change the permissions on the `agent.crt` and `agent.key` files:
180180

181181
```shell
182182
chmod 600 agent.crt agent.key
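
Review bot: this procedure never tells the reader that the common certificate expires: the unchanged command on line 176 signs it with `-days 365`, and the Important note earlier in this file tells readers who use a single certificate for all agents to disable the automatic renewal job. Taken together, all agents that share the certificate fail authentication at the same time once it expires. Add a sentence saying the common certificate must be reissued manually before it expires, with a link to [Regenerating agent SSL certificates](regenerating_agent_certificates).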
@@ -209,7 +209,7 @@ Create a user, generate an agent certificate and key pair, and use them for all
209209

210210
- To replace the agent certificate and key pair with the registered agent.
211211

212-
a. Edit the `agent_user`, `agent_ssl_key`, and `agent_ssl_crt` parameters in `agent.cfg` file of the agent host:
212+
a. Edit the `agent_user`, `agent_ssl_key`, and `agent_ssl_crt` parameters in the `agent.cfg` file of the agent host:
213213

214214
```shell
215215
vi /usr/edb/pem/agent/etc/agent.cfg
@@ -262,7 +262,7 @@ After obtaining the trusted CA certificates and keys, replace the [server](#repl
262262

263263
1. Ask your CA to sign the CSR and generate the server certificate for you.
264264

265-
1. Verify the details of the new server certificate aren't tampered with and match your provided details:
265+
1. Verify that the details of the new server certificate aren't tampered with and match your provided details:
266266

267267
```shell
268268
openssl x509 -noout -text -in server.crt
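
Review bot: the step on line 265 promises to verify that the certificate hasn't been tampered with, but `openssl x509 -noout -text -in server.crt` on line 268 only prints the fields and doesn't check the signature. Either reword the step to "Check that the details of the new server certificate match the details you provided", or, unless a later line in this step already does it, add a chain check such as `openssl verify -CAfile root.crt server.crt` so the signature is validated against the CA certificate.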
@@ -277,16 +277,16 @@ After obtaining the trusted CA certificates and keys, replace the [server](#repl
277277
1. If the trusted CA doesn't provide CRL, disable CRL usage by the server. To disable the CRL usage, comment the `ssl_crl_file` parameter in the `postgresql.conf` file.
278278

279279
!!! Note
280-
If you accidentally leave a CRL from a previous CA in place and do not comment out `ssl_crl_file`, the server will start but authentication will fail with an SSL error message `tlsv1 alert unknown ca`.
281-
The error doesn't specify that the CRL is the cause, so this can be difficult to debug if encountered out of context.
280+
If you leave a CRL from a previous CA in place and don't comment out `ssl_crl_file`, the server will start. However, authentication will fail with an SSL error message: `tlsv1 alert unknown ca`.
281+
The error doesn't specify that the CRL is the cause, so this issue can be difficult to debug if encountered out of context.
282282

283283
1. Copy the new `root.crt`, `server.key`, and `server.crt` files to the data directory of the backend database server:
284284

285285
```shell
286286
cp root.crt server.key server.crt /var/lib/edb/as<x>/data
287287
```
288288

289-
1. Change the owner and permissions of the new certificates and key files to be the same as the data directory:
289+
1. Change the owner and permissions of the new certificates and key files to the same name as the data directory:
290290

291291
```shell
292292
cd /var/lib/edb/as<x>/data/
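
Review bot: the new wording on line 289, "to the same name as the data directory", changes the meaning: owner and permissions aren't a name, and the old text "to be the same as the data directory" was the correct instruction. Suggest "Change the owner and permissions of the new certificate and key files to match those of the data directory". This matters most for `server.key`, since a private key with the wrong owner or mode is either unreadable by the database server or readable by other users.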
@@ -369,7 +369,7 @@ Replace the agent SSL certificates only after replacing the server certificates
369369
Use the Services applet to restart the PEM agent. The PEM agent service is named Postgres Enterprise Manager Agent. Select the service name in the Services dialog box, and select **Restart the service**.
370370

371371
!!! Note
372-
For agents registered after following the process above you can provide a certificate to the agent at the time of registration as shown in the [second example](/pem/latest/registering_agent/#overriding-default-configurations---examples).
372+
For agents registered after following the preceding process, you can provide a certificate to the agent at the time of registration as shown in the [second example](/pem/latest/registering_agent/#overriding-default-configurations---examples).
373373
!!!
374374

375375
!!!note
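
Review bot: the link on line 372 points to `/pem/latest/registering_agent/...` from a file under `pem/10`, so it will lead to a different version's page once `latest` moves on, whereas line 107 of this file uses the relative `../registering_agent`. Use the relative form here too. The admonition opener on line 375 is also written `!!!note`, unlike `!!! Note` on line 371.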
@@ -393,7 +393,7 @@ This command returns `agent1.crt: OK` on success or an explanatory message on fa
393393

394394
### Make a test connection to the PEM backend database
395395

396-
To verify whether the agent user can connect using a certificate, on the server where the agent is located, execute the following commands as root:
396+
To verify whether the agent user can connect using a certificate, as root on the server where the agent is located, execute:
397397

398398
```shell
399399
PGHOST=<pem_host>
@@ -407,14 +407,15 @@ export PGHOST PGPORT PGUSER PGSSLCERT PGSSLKEY PGSSLMODE
407407

408408
<psql_path> -A -t -c "SELECT version()"
409409
```
410+
410411
Where:
411412
- `<psql_path>` is the full path to the psql executable, for example `/usr/edb/as15/bin/psql`.
412413
- `<pem_host>` is the hostname or IP address of PEM server.
413414
- `<pem_db_port>` is the PEM backend database server port.
414415
- `<ID>` is the ID of the agent you're testing, as defined in the file `/usr/edb/pem/agent/etc/agent.cfg`.
415416

416417
!!! Note
417-
If you used the instructions in [Generate a common agent certificate and key pair](#generate-a-common-agent-certificate-and-key-pair)
418+
If you used the instructions in [Generate a common agent certificate and key pair](#generate-a-common-agent-certificate-and-key-pair),
418419
you must set `PGUSER` to the common agent username.
419420
!!!
420421
