From 6bb6182745a68801958cc9605d45bda3caa4bed3 Mon Sep 17 00:00:00 2001
From: Jeffy Mathew <jeffy.mathew100@gmail.com>
Date: Thu, 12 Sep 2024 10:44:30 +0200
Subject: [PATCH] revert certificates config upstream docs changes

---
 config/config.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/config/config.go b/config/config.go
index ee950a73cfe..6bb89c07839 100644
--- a/config/config.go
+++ b/config/config.go
@@ -567,7 +567,10 @@ type CoProcessConfig struct {
 
 type CertificatesConfig struct {
 	API []string `json:"apis"`
-	// Specify upstream mutual TLS certificates at a global level in the following format: `{ "<host>": "<cert>" }``
+	// Upstream is used to specify the certificates to be used in mutual TLS connections to upstream services. These are set at gateway level as a map of domain -> certificate id or path.
+	// For example if you want Tyk to use the certificate `ab23ef123` for requests to the `example.com` upstream and `/certs/default.pem` for all other upstreams then:
+	// In `tyk.conf` you would configure `"security": {"certificates": {"upstream": {"*": "/certs/default.pem", "example.com": "ab23ef123"}}}`
+	// And if using environment variables you would set this to `*:/certs/default.pem,example.com:ab23ef123`.
 	Upstream map[string]string `json:"upstream"`
 	// Certificates used for Control API Mutual TLS
 	ControlAPI []string `json:"control_api"`