sigstore · ltagliaferri · Dec 15, 2023 · Dec 13, 2023 · Dec 13, 2023
diff --git a/content/en/about/overview.md b/content/en/about/overview.md
@@ -50,11 +50,11 @@ A Sigstore client, such as Cosign, requests a certificate from our code-signing
 
 You don’t have to manage signing keys, and Sigstore services never obtain your private key. The public key that a Sigstore client creates gets bound to the issued certificate, and the private key is discarded after a single signing.
 
-After the client signs the artifact, the artifact's digest, signature and certificate are persisted in a transparency log: an immutable, append-only ledger known as Rekor. With this log, signing events can be publicly audited. Identity owners can monitor the log to verify that their identity is being properly used, and someone who downloads and artifact can confirm that the certificate was valid at the time of signing.
+After the client signs the artifact, the artifact's digest, signature and certificate are persisted in a transparency log: an immutable, append-only ledger known as Rekor. With this log, signing events can be publicly audited. Identity owners can monitor the log to verify that their identity is being properly used, and someone who downloads an artifact can confirm that the certificate was valid at the time of signing.
 
 For verifying an artifact, a Sigstore client will verify the signature on the artifact using the public key from the certificate, verify the identity in the certificate matches an expected identity, verify the certificate's signature using Sigstore's root of trust, and verify proof of inclusion in Rekor. Together, verification of this information tells the user that the artifact comes from its expected source and has not been tampered with after its creation.
 
-For more information on the modules that make up Sigstore, review [Toolling]({{< relref "about/tooling">}}).
+For more information on the modules that make up Sigstore, review [Tooling]({{< relref "about/tooling">}}).
 
 ## How to use Sigstore
 

diff --git a/content/en/certificate_authority/certificate-issuing-overview.md b/content/en/certificate_authority/certificate-issuing-overview.md
@@ -73,7 +73,7 @@
 by the certificate authority. This will form a chain of trust from the issued
 certificate to the certificate authority root certificate.


 Fulcio supports several signing backends to sign certificates:

 - KMS: A KMS key hosted on GCP, AWS, Azure or Hashicorp
@@ -82,7 +82,7 @@
  [softHSM](https://www.opendnssec.org/softhsm/) and others
 - [Google CA Service](https://cloud.google.com/certificate-authority-service/docs): A GCP-hosted certificate authority
 - Files: An on-disk password-protected private key
 - Ephemeral (for testing): An in-memory key pair generated on start up 

 See [Setting up a Fulcio instance](https://github.com/sigstore/fulcio/blob/main/docs/setup.md) for more details.

@@ -113,4 +113,6 @@
 
 ## 7 — Return certificate to client
 
+Finally, the certificate and SCT are both returned to the client.
+
 ![Fulcio return the certificate to the client](/fulcio-7-return-to-client.png)