diff --git a/_topic_map.yml b/_topic_map.yml
index 4902962a83af..55f5d6a1527b 100644
--- a/_topic_map.yml
+++ b/_topic_map.yml
@@ -88,11 +88,6 @@ Topics:
 File: installing-aws-network-customizations
 - Name: Uninstalling a cluster on AWS
 File: uninstalling-cluster-aws
-- Name: Installing on user-provisioned AWS
- Dir: installing_aws_user_infra
- Topics:
- - Name: Installing a cluster on AWS using CloudFormation templates
- File: installing-aws-user-infra
 - Name: Installing on Azure
 Dir: installing_azure
 Topics:
@@ -115,19 +110,11 @@ Topics:
 File: installing-gcp-customizations
 - Name: Uninstalling a cluster on GCP
 File: uninstalling-cluster-gcp
-- Name: Installing in restricted networks
- Dir: installing_restricted_networks
+- Name: Installing on user-provisioned AWS
+ Dir: installing_aws_user_infra
 Topics:
- - Name: Creating a mirror registry for a restricted network
- File: installing-restricted-networks-preparations
- - Name: Restricted network AWS installation
- File: installing-restricted-networks-aws
- - Name: Restricted network bare metal installation
- File: installing-restricted-networks-bare-metal
-# - Name: Restricted network GCP installation
-# File: installing-restricted-networks-GCP
- - Name: Restricted network vSphere installation
- File: installing-restricted-networks-vsphere
+ - Name: Installing a cluster on AWS using CloudFormation templates
+ File: installing-aws-user-infra
 - Name: Installing on bare metal
 Dir: installing_bare_metal
 Topics:
@@ -151,6 +138,19 @@ Topics:
 Topics:
 - Name: Installing a cluster on vSphere
 File: installing-vsphere
+- Name: Installing in restricted networks
+ Dir: installing_restricted_networks
+ Topics:
+ - Name: Creating a mirror registry for a restricted network
+ File: installing-restricted-networks-preparations
+ - Name: Restricted network AWS installation
+ File: installing-restricted-networks-aws
+ - Name: Restricted network bare metal installation
+ File: installing-restricted-networks-bare-metal
+# - Name: Restricted network GCP installation
+# File: installing-restricted-networks-GCP
+ - Name: Restricted network vSphere installation
+ File: installing-restricted-networks-vsphere
 - Name: Gathering installation logs
 File: installing-gather-logs
 - Name: Installation configuration
diff --git a/installing/installing_restricted_networks/installing-restricted-networks-preparations.adoc b/installing/installing_restricted_networks/installing-restricted-networks-preparations.adoc
index 0668f1cf90cb..f5e332f76de2 100644
--- a/installing/installing_restricted_networks/installing-restricted-networks-preparations.adoc
+++ b/installing/installing_restricted_networks/installing-restricted-networks-preparations.adoc
@@ -5,8 +5,7 @@ include::modules/common-attributes.adoc[]
 toc::[]
-Before you install a cluster on infrastructure that you provision in a
-restricted network, you must create a mirror registry.
+Before you install a cluster on infrastructure that you provision in a restricted network, you must create a mirror registry. Installations on a restricted network are supported on only infrastructure that you provision, not infrastructure that the installer provisions.
 [IMPORTANT]
 ====
diff --git a/modules/installation-creating-mirror-registry.adoc b/modules/installation-creating-mirror-registry.adoc
index 0b11960195b7..9dfb03d8a7e3 100644
--- a/modules/installation-creating-mirror-registry.adoc
+++ b/modules/installation-creating-mirror-registry.adoc
@@ -41,13 +41,12 @@ endif::restricted[] . Install the required packages: + ---- -# yum -y install podman httpd httpd-tools jq +# yum -y install podman httpd-tools ---- + The `podman` package provides the container package that you run the registry -in. The `httpd` and `httpd-tools` packages provide the `htpasswd` utility, which -you use to create users. The `jq` package improves the display of JSON output -on your command line. +in. The `httpd-tools` package provides the `htpasswd` utility, which +you use to create users. . Create folders for the registry: + @@ -92,7 +91,7 @@ OpenSSL documentation. . Create the `mirror-registry` container to host your registry: + ---- -# podman run --name mirror-registry -p 5000: \ <1> +# podman run --name mirror-registry -p :5000 \ <1> -v /opt/registry/data:/var/lib/registry:z \ -v /opt/registry/auth:/auth:z \ -e "REGISTRY_AUTH=htpasswd" \ diff --git a/modules/installation-generate-aws-user-infra-install-config.adoc b/modules/installation-generate-aws-user-infra-install-config.adoc index 71d29eb7b06a..c36ac527e5fa 100644 --- a/modules/installation-generate-aws-user-infra-install-config.adoc +++ b/modules/installation-generate-aws-user-infra-install-config.adoc @@ -85,7 +85,7 @@ For `bastion_host_name`, specify the registry domain name that you specified in the certificate for your mirror registry, and for ``, specify the base64-encoded user name and password for your mirror registry. -.. Add the `additionalTrustBundle` parameter and value: +.. Add the `additionalTrustBundle` parameter and value. The value must be the contents of the certificate file that you used for your mirror registry, which can be an exiting, trusted certificate authority or the self-signed certificate that you generated for the mirror registry. + ---- additionalTrustBundle: | 
@@ -93,10 +93,7 @@ additionalTrustBundle: |
 ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
 -----END CERTIFICATE-----
 ----
-+
-Provide the contents of the certificate file that you used for your mirror
-registry.
-.. Update image content resources:
+.. Add the image content resources:
 +
 ----
 imageContentSources:
diff --git a/modules/installation-local-registry-pull-secret.adoc b/modules/installation-local-registry-pull-secret.adoc
index 684b531f2a61..7bbabfd9c146 100644
--- a/modules/installation-local-registry-pull-secret.adoc
+++ b/modules/installation-local-registry-pull-secret.adoc
@@ -10,25 +10,26 @@ the information for your registry.
 .Prerequisites
-* You configured a mirror registry to use in your restricted network.
+* You configured a mirror registry to use in your restricted network and have its domain name and port as well as credentials for it.
 .Procedure
-* On the bastion host, create a new pull secret for your registry that is in
-JSON format:
+. On the bastion host, generate the pull secret for your registry:
 +
 ----
-{
- "auths": {
- ":": { <1>
- "auth": "", <2>
- "email": "you@example.com"
- }
- }
-}
+$ podman login --authfile ~/pullsecret_config.json : <1>
+----
+<1> For ``, specify the registry domain name
+for your mirror registry, such as `registry.example.com`. For
+``, specify the port that your mirror registry uses to
+serve content.
++
+Provide your credentials for the mirror registry at the prompts.
+
+. View the pull secret that you created:
++
+----
+# cat ~/pullsecret_config.json
+
+{ "auths": { ":": { "auth": "ZHVtbXk6ZHVtbXk=" } } }
 ----
-<1> For `bastion_host_name`, specify the registry domain name
-that you specified in your certificate, and for ``,
-specify the port that your mirror registry uses to serve content.
-<2> For ``, specify the base64-encoded user name and password for
-the mirror registry that you generated.