diff --git a/modules/nw-mutual-tls-auth.adoc b/modules/nw-mutual-tls-auth.adoc index 25319a42e343..79156a4ef043 100644 --- a/modules/nw-mutual-tls-auth.adoc +++ b/modules/nw-mutual-tls-auth.adoc @@ -30,9 +30,9 @@ If the `clientCA` value specifies an X509v3 certificate revocation list (CRL) di [source,terminal] ---- $ oc create configmap \ - router-ca-certs-default \ - --from-file=ca-bundle.pem=client-ca.crt \// <1> - -n openshift-config + router-ca-certs-default \ + --from-file=ca-bundle.pem=client-ca.crt \// <1> + -n openshift-config ---- <1> The config map data key must be `ca-bundle.pem`, and the data value must be a CA certificate in PEM format. @@ -61,9 +61,16 @@ $ oc edit IngressController default -n openshift-ingress-operator allowedSubjectPatterns: - "^/CN=example.com/ST=NC/C=US/O=Security/OU=OpenShift$" ---- + . Optional, get the Distinguished Name (DN) for `allowedSubjectPatterns` by entering the following command. ++ [source,terminal] ---- -$ openssl x509 -in custom-cert.pem -noout -subject -subject= /CN=example.com/ST=NC/C=US/O=Security/OU=OpenShift +$ openssl x509 -in custom-cert.pem -noout -subject +---- ++ +.Example output +[source,text] +---- +subject=C=US, ST=NC, O=Security, OU=OpenShift, CN=example.com ----
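Review bot: In the first hunk (`@@ -30,9 +30,9`, the `oc create configmap` command), the three removed and three added continuation lines carry the same text and appear to differ only in indentation, so the commit message should state that this part is a whitespace-only change. Since the `--from-file=ca-bundle.pem=client-ca.crt \// <1>` line is being touched anyway, check in the rendered preview that the callout marker is not part of the text a reader copies: if `// <1>` is pasted literally after the backslash, the backslash no longer continues the line and `-n openshift-config` is dropped from the command.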
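Review bot: In the second hunk (`@@ -61,9 +61,16`), the new example output `subject=C=US, ST=NC, O=Security, OU=OpenShift, CN=example.com` does not match the form used by the `allowedSubjectPatterns` example in the context lines just above it, `"^/CN=example.com/ST=NC/C=US/O=Security/OU=OpenShift$"`: the separators differ (comma and space versus `/`) and the attribute order differs (`C` first versus `CN` first). The step tells the reader to get the DN for `allowedSubjectPatterns` from this command, so anyone who builds the pattern from the output as shown ends up with a regular expression that looks nothing like the documented one, and for a client-certificate filter that means either rejected clients or a pattern loosened until it matches. Either make the command print the slash-separated form the pattern example uses (for instance by adding `-nameopt compat` to the `openssl x509` call, after confirming that it yields the form the router compares against) or add a sentence explaining how to convert the output into the pattern, and make the two examples agree on attribute order. Minor wording point on the same step: "Optional, get the Distinguished Name (DN)" reads better as "Optional: Get the Distinguished Name (DN)".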