From f5e1929b77918853c18df900c63ef486d0c9c1a5 Mon Sep 17 00:00:00 2001
From: Travis Cosgrave <tcosgrave@wayfair.com>
Date: Fri, 15 Dec 2017 23:05:23 +0100
Subject: [PATCH] updating docs based on review feedback

---
 builtin/credential/cert/path_certs.go      | 5 +++--
 website/source/api/auth/cert/index.html.md | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/builtin/credential/cert/path_certs.go b/builtin/credential/cert/path_certs.go
index 23467a0bc376..63cbec4b183b 100644
--- a/builtin/credential/cert/path_certs.go
+++ b/builtin/credential/cert/path_certs.go
@@ -47,8 +47,9 @@ At least one must exist in either the Common Name or SANs. Supports globbing.`,
 
 			"required_extensions": &framework.FieldSchema{
 				Type: framework.TypeCommaStringSlice,
-				Description: `A comma-separated list of extensions
-formatted as "$oid:value". All values much match. Supports globbing on $value.`,
+				Description: `A comma-separated string or array of extensions
+formatted as "oid:value". Expects the extension value to be some type of ASN1 encoded string.
+All values much match. Supports globbing on "value".`,
 			},
 
 			"display_name": &framework.FieldSchema{
diff --git a/website/source/api/auth/cert/index.html.md b/website/source/api/auth/cert/index.html.md
index 7e1994bc8aff..f94f5f659ab5 100644
--- a/website/source/api/auth/cert/index.html.md
+++ b/website/source/api/auth/cert/index.html.md
@@ -33,8 +33,9 @@ Sets a CA cert and associated parameters in a role name.
   the client certificate with a [globbed pattern]
   (https://github.com/ryanuber/go-glob/blob/master/README.md#example). Value is 
   a comma-separated list of patterns.  Authentication requires at least one Name matching at least one pattern.  If not set, defaults to allowing all names.
-- `required_extensions` `(string: "")` - Require specific Custom Extension OIDs to exist and match the pattern. 
-   Value is a comma separated list of `oid:glob,oid:glob`. All conditions _must_ be met.
+- `required_extensions` `(string: "" or array:[])` - Require specific Custom Extension OIDs to exist and match the pattern. 
+   Value is a comma separated string or array of `oid:value`. Expects the extension value to be some type of ASN1 encoded string.
+   All conditions _must_ be met. Supports globbing on `value`.
 - `policies` `(string: "")` - A comma-separated list of policies to set on tokens 
   issued when authenticating against this CA certificate.
 - `display_name` `(string: "")` -   The `display_name` to set on tokens issued