fix: Reviewed english version

geant-tcs/docs/en/376ca61dd09cfc71579e9bf49725c60742dd51c04d00f32686f6a824d9ba4482.md

-# Emergency/transition process for generating e-mail certificates
+!!! warning
+    This text was automatically translated using DeepL. We will check and amend this text in the near future.
+
+# Emergency/transition process for generating email certificates
 
 !!! warning
-The process described here does __not__ meet the security standards that the KIT normally strives for.
-We therefore generally advise against following the procedure described here. Exception: a certificate is
-__now__ mandatory for business purposes.
+    This process does __not__ meet the usual security standards that KIT-CA normally strives for.
+    We therefore generally advise against following the procedure described here. Exception: a certificate is
+    __now__ mandatory for business purposes.
 
 The process described here has the following problems:
 
-1. the private key is generated by the CA service provider and not by the user. This breaks an important basic assumption of end-to-end encryption.
-2. you can have exactly one e-mail address in the certificate, this corresponds to the user name at HARICA.
-3. certificates are only e-mail-validated (and not organization-validated), so there is only the e-mail address in the certificate. Both the real name and a reference to the KIT are missing.
-4. there is no automatic mechanism for publishing in the KIT global address book, this must be initiated <a href="#publish-to-ad">manually by the user</a>.
+1. The private key is generated by the CA service provider (HARICA) and not by the user. This breaks an important basic assumption of end-to-end encryption.
+2. The certificate can contain exactly one email address which corresponds to your username at HARICA.
+3. Certificates are only email-validated (and not organization-validated), it only contains the email address. Both the real name and a reference to KIT are missing.
+4. There is no automatic mechanism for publishing into the KIT global address book; this must be <a href="#publish-to-ad">manually initiated by the user</a>.
 
-For example, if you want to have a certificate for `beate.beispiel@kit.edu`, `b.beispiel@kit.edu` and `bb4711@sysmail.kit.edu`
-you have to go through the following instructions completely for each of these addresses.
+For example: if you wish to obtain a certificate for `beate.beispiel@kit.edu`, `b.beispiel@kit.edu` and `bb4711@sysmail.kit.edu`,
+you have to repeat the following instructions for each of these addresses.
 
-The process is roughly based on [these instructions from HARICA](https://guides.harica.gr/docs/Guides/Email-Certificate/Email-only-request/),
+This process is roughly based on [these instructions from HARICA](https://guides.harica.gr/docs/Guides/Email-Certificate/Email-only-request/),
 but differs in a few details. If you have any questions or uncertainties, please also refer to this guide.
 
 ## Step 1: Create an account with HARICA
 
-[Create a new account at HARICA](https://cm.harica.gr/Register) with the exact e-mail address that is to be included in the certificate.
-certificate. If necessary, follow the instructions in the e-mails and the
-[HARICA instructions](https://guides.harica.gr/docs/Guides/Email-Certificate/Email-only-request/). Then log in
-then log in to [HARICA in CertManager](https://cm.harica.gr/Login) with this account.
+[Create a new account at HARICA](https://cm.harica.gr/Register) with the exact email address that is to be included in the certificate.
+If necessary, follow the instructions in the emails and the [HARICA instructions](https://guides.harica.gr/docs/Guides/Email-Certificate/Email-only-request/). Then log in in to
+[HARICA in CertManager](https://cm.harica.gr/Login) with this account.
 
 ## Step 2: Apply for a certificate
 
-Select `eMail` in the left menu, then __Email-only__ under _Select the type of your certificate_ and at the bottom _Next_.
-at the bottom _Next_.
+Select `eMail` in the left menu, then __Email-only__ under _Select the type of your certificate_ and then _Next_at the bottom.
 
 _Select a method to validate your email address(es)_ should already be prefilled with __Validate via email to selected email address__
-in advance, continue here with _Next_.
+in advance, continue with _Next_.
 
 In the _Review the application before submitting_ view, check the box and submit with __Submit__.
 
 ![](img/tcs_harica_transition_process_review_application.webp){ width="552" }
 
-This will generate another e-mail with a validation link, please follow it.
+This will generate another email with a validation link, please follow the instructions there.
 
-Under _My Dashboard_ the requested certificate now appears under _Ready Certificates_ with a button
-__Enroll your Certificate__. This leads to this dialog:
+Under _My Dashboard_, the requested certificate now appears under _Ready Certificates_ with a button
+__Enroll your Certificate__. Clicking the button leads to this dialog:
 
 ![](img/tcs_harica_transition_process_enrollment_settings.webp){ width="701" }
 
@@ -53,24 +54,23 @@ and submit with __Enroll Certificate__.
 
 ![](img/tcs_harica_transition_process_enrollment_download.webp){ width="728" }
 
-You now have the option of downloading the finished certificate once.
+This is the only moment when you can download the finished certificate. Please do so and ensure you don't loose the downloaded file.
 
 ## Step 3: Install and set up the certificate
 
 The file you have just downloaded can normally be imported into the operating system by double-clicking on it (Windows, macOS).
 
-Note for Windows users: When importing, set the option _Mark key as exportable_. Then you can
-you can - for example when changing your computer - copy the certificate and private key from this computer to the new device.
-device:
+Note for Windows users: When importing, set the option _Mark key as exportable_. Then you have to option to
+copy the certificate and private key from this computer to the new device (for example when changing your computer).
 
 ![](img/windows_11_certificate_import_allow-export_en.webp){ width="531" }
 
-Thunderbird under Linux must import the certificate directly in the application: _Settings_ → _Privacy & Security_ → _Manage Certificates..._.
-Select the _Your certificates_ tab there, then _Import..._.  Then select the certificate for encryption and signature in the settings of the appropriate email account.
+Thunderbird under Linux must import the certificate directly in the application: _Settings_ → _Privacy & Security_ → _Manage Certificates…_.
+Select the _Your certificates_ tab there, then _Import…_.  Then select the certificate for encryption and signature in the settings of the appropriate email account.
 
-## Step 4: Set up e-mail client
+## Step 4: Set up email client
 
-* Instructions for [Outlook in Windows](/guides/en/configure_outlook/)
+* Instructions for [Outlook on Windows](/guides/en/configure_outlook/)
 * Instructions for [macOS & Apple Mail](/guides/en/install_p12_macos/)
 * Instructions for [Thunderbird (external link to Heidelberg University)](https://www.urz.uni-heidelberg.de/de/support/anleitungen/import-der-smime-zertifikate-in-thunderbird){:target="_blank"}
 
@@ -85,5 +85,5 @@ Download the certificate as __PEM__ (_not_ __PEM bundle__).
 
 ![](img/tcs_harica_transition_process_download_certificate.webp){ width="560" }
 
-Send an e-mail to [ca@kit.edu](mailto:ca@kit.edu?subject=%5BHARICA%5D%20Please%20publish%20my%20new%20certificate%20to%20GAL)
+Send an email to [ca@kit.edu](mailto:ca@kit.edu?subject=%5BHARICA%5D%20Please%20publish%20my%20new%20certificate%20to%20GAL)
 with the subject `[HARICA] Please publish my new certificate to GAL`. Attach the file you just downloaded.
\ No newline at end of file