diff --git a/doc/common/section_keystone_certificates-for-pki.xml b/doc/common/section_keystone_certificates-for-pki.xml
index 7cad51a116..77b30f08aa 100644
--- a/doc/common/section_keystone_certificates-for-pki.xml
+++ b/doc/common/section_keystone_certificates-for-pki.xml
@@ -113,8 +113,8 @@ SrWY8lF3HrTcJT23sZIleg==</screen>
         <title>Sign certificate issued by external CA</title>
         <para>You can use a signing certificate issued by an external
             CA instead of generated by
-                <command>keystone-manage</command>. However,
-            certificate issued by external CA must satisfy the
+                <command>keystone-manage</command>. However, a
+            certificate issued by an external CA must satisfy the
             following conditions:</para>
         <itemizedlist>
             <listitem>