diff --git a/etc/emqx.conf b/etc/emqx.conf
index 560b901f2..95171176c 100644
--- a/etc/emqx.conf
+++ b/etc/emqx.conf
@@ -921,7 +921,7 @@ listener.tcp.external.access.1 = allow all
 ## Enable the option for X.509 certificate based authentication.
 ## EMQX will use the common name of certificate as MQTT username.
 ##
-## Value: cn | dn
+## Value: cn | dn | crt
 ## listener.tcp.external.peer_cert_as_username = cn
 
 ## The TCP backlog defines the maximum length that the queue of pending
@@ -1266,10 +1266,10 @@ listener.ssl.external.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-G
 ## Value: on | off
 ## listener.ssl.external.honor_cipher_order = on
 
-## Use the CN, EN or CRT field from the client certificate as a username.
+## Use the CN, DN or CRT field from the client certificate as a username.
 ## Notice that 'verify' should be set as 'verify_peer'.
 ##
-## Value: cn | en | crt
+## Value: cn | dn | crt
 ## listener.ssl.external.peer_cert_as_username = cn
 
 ## TCP backlog for the SSL connection.