diff --git a/x-pack/docs/en/rest-api/security/delegate-pki-authentication.asciidoc b/x-pack/docs/en/rest-api/security/delegate-pki-authentication.asciidoc
index 92d82f1c273..b8d20b23953 100644
--- a/x-pack/docs/en/rest-api/security/delegate-pki-authentication.asciidoc
+++ b/x-pack/docs/en/rest-api/security/delegate-pki-authentication.asciidoc
@@ -5,7 +5,7 @@
 <titleabbrev>Delegate PKI authentication</titleabbrev>
 ++++
 
-Implements the exchange of an {@code X509Certificate} chain into an {es} access
+Implements the exchange of an _X509Certificate_ chain into an {es} access
 token.
 
 [[security-api-delegate-pki-authentication-request]]
diff --git a/x-pack/docs/en/security/authentication/configuring-pki-realm.asciidoc b/x-pack/docs/en/security/authentication/configuring-pki-realm.asciidoc
index a3fc1a6c0b0..0964d1795b0 100644
--- a/x-pack/docs/en/security/authentication/configuring-pki-realm.asciidoc
+++ b/x-pack/docs/en/security/authentication/configuring-pki-realm.asciidoc
@@ -246,7 +246,9 @@ NOTE: PKI authentication delegation requires that the
 `xpack.security.authc.token.enabled` setting be `true` and that SSL/TLS be
 configured (without SSL/TLS client authentication).
 
-NOTE: {kib} also needs to be configured to allow PKI certificate authentication.
+NOTE: {kib} also needs to be
+{kibana-ref}/kibana-authentication.html#pki-authentication[configured to allow
+PKI certificate authentication].
 
 A PKI realm with `delegation.enabled` still works unchanged for clients
 connecting directly to {es}. Directly authenticated users, and users that are PKI