Incoprorating review comment

Author: shankgan

content/en/docs/tasks/security/cert-management/custom-ca-k8s/index.md

@@ -64,17 +64,17 @@ To verify that they have been signed by the Kubernetes CA, you need to first ext
 
     The proxy_secret json file contains the CA root certificate for mTLS in the `trustedCA` field. Note that this certificate is base64 encoded.
 
-2. The certificate used by the Kubernetes CA (specifically the `kubernetes.io/legacy-unknown` signer) is loaded onto the secret associated with every service account in the bookinfo namespace. k get secret/$secret -n istio-system -o json | jq '.data."ca.crt"' | sed 's/\"//g' | base64 -d
+1. The certificate used by the Kubernetes CA (specifically the `kubernetes.io/legacy-unknown` signer) is loaded onto the secret associated with every service account in the bookinfo namespace.
 
     {{< text bash >}}
     $ secret="$(kubectl get secrets -n istio-system -o json | jq '.items[].metadata.name' | grep "account-token" | head -1 | sed 's/\"//g')"
     $ kubectl get secret/"$secret" -n istio-system -o json | jq '.data."ca.crt"' | sed 's/\"//g' | base64 -d
     {{< /text >}}
 
 
-3. Compare the certs obtained from step 1 and step 2. These two should be the same.
+1. Compare the certs obtained from step 1 and step 2. These two should be the same.
 
-4. (Optional) Follow the rest of the steps in the [bookinfo example](/docs/examples/bookinfo/) to ensure that communication between services is working as expected.
+1. (Optional) Follow the rest of the steps in the [bookinfo example](/docs/examples/bookinfo/) to ensure that communication between services is working as expected.
 
 ### Cleanup Part 1