Commit 20d72af

author
Ted Avery
committed
OSDOCS-13371-2:Ingress Controller Parameters
1 parent 41cee05 commit 20d72af

3 files changed: +207 -46 lines changed

modules/microshift-ingress-controller-conc.adoc

Lines changed: 8 additions & 1 deletion
@@ -13,4 +13,11 @@ With more configuration options, you can fine-tune ingress to meet your specific
1313
* If your application starts processing requests from clients but the connection is
1414
closed before it can respond, you can set the `ingress.tuningOptions.serverTimeout` parameter in the configuration file to a higher value to accommodate the speed of the response from the server.
1515
16-
* If the router has many connections open because an application running on the cluster does not close connections properly, you can set the `ingress.tuningOptions.serverTimeout` and `spec.tuningOptions.serverFinTimeout` parameters to a lower value, forcing those connections to close sooner.
16+
* If the router has many connections open because an application running on the cluster does not close connections properly, you can set the `ingress.tuningOptions.serverTimeout` and `spec.tuningOptions.serverFinTimeout` parameters to a lower value, forcing those connections to close sooner.
17+
18+
* If you want to enable the optional use of client certificates, you can set the 'ingress.clientTLS' parameter to 'Optional' so that the Operator configures the ingress controller to request and verify client certificates using the provided CA certificate bundle while still allowing clients that do not present a client certificate. The user enables client TLS with the 'Required' client certificate policy and a custom client CA certificate bundle. The operator configures the ingress controller to request and verify client certificates using the provided CA certificate bundle and reject clients that do not present valid client certificates.
19+
20+
* The user enables client TLS with the Required client certificate policy and a custom client CA certificate bundle with a CA certificate using the X509v3 extension to specify one or more CRL distribution points in the certificate. The operator configures the IngressController to request and verify client certificates using the provided CA certificate bundle and reject clients that do not present valid client certificates. The operator periodically updates the CRL using the distribution points.
21+
22+
* User wants to configure organization trusted SSL certificate that will be served to the application users. User wants to rotate/renew organization trusted SSL certificate that will be served to the application users (day 2). User want to enable client TLS and client certificate policy (mTLS) .
23+
Allow users to configure the additional HAProxy/Router security customization parameters, see Proposal table for details.
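
Review bot: The added bullets at new lines 18 to 23 read as user stories and proposal text carried over unchanged ("The user enables client TLS with the Required client certificate policy ...", "User wants to configure ...", "see Proposal table for details") rather than the "If ..., you can set ..." guidance used by the bullets above them, and the final line points to a Proposal table that is not part of this module. Suggest rewriting each as a second-person bullet that names the parameter to set, and dropping the proposal reference. In the line-18 bullet, split the 'Optional' and 'Required' cases into two bullets so it is clear that 'Optional' still admits clients that present no certificate and only 'Required' rejects them; that bullet also sets 'ingress.clientTLS' itself to 'Optional' and then refers to a client certificate policy and a CA certificate bundle without naming the field for either. Use backticks instead of single quotes for parameter names and values to match `ingress.tuningOptions.serverTimeout` above, settle on one of "Operator"/"operator" and "ingress controller"/"IngressController", and fix "User want to enable" and the space before the final period. The line-20 bullet says the CRL is updated "periodically"; state the interval and what happens to certificate checks when a distribution point cannot be reached, if that is known. Separately, the re-added line 16 still pairs `ingress.tuningOptions.serverTimeout` with `spec.tuningOptions.serverFinTimeout`; check whether the `spec.` prefix is intended.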
