-generates a certificate for each node and signs it by the previously created CA.
-These certificates are used
-for encrypted communication with the cluster's pveproxy service and the
-Shell/Console feature if SPICE is used.
+generates a certificate for each node which gets signed by the aforementioned
+CA. These certificates are used for encrypted communication with the cluster's
+`pveproxy` service and the Shell/Console feature if SPICE is used.