diff --git a/docs/reference/settings/monitoring-settings.asciidoc b/docs/reference/settings/monitoring-settings.asciidoc index 0c34b1219230d..bea2bd3c5db34 100644 --- a/docs/reference/settings/monitoring-settings.asciidoc +++ b/docs/reference/settings/monitoring-settings.asciidoc @@ -281,5 +281,6 @@ For example: `["elasticsearch_version_mismatch","xpack_license_expiration"]`. :component: {monitoring} :verifies: :server!: +:ssl-context: monitoring include::ssl-settings.asciidoc[] diff --git a/docs/reference/settings/notification-settings.asciidoc b/docs/reference/settings/notification-settings.asciidoc index 72f078a5697cc..a5f127d489197 100644 --- a/docs/reference/settings/notification-settings.asciidoc +++ b/docs/reference/settings/notification-settings.asciidoc @@ -70,6 +70,7 @@ Specifies the maximum size an HTTP response is allowed to have, defaults to :component: {watcher} :verifies: :server!: +:ssl-context: watcher include::ssl-settings.asciidoc[] diff --git a/docs/reference/settings/security-settings.asciidoc b/docs/reference/settings/security-settings.asciidoc index aec70e7f45107..fb71a5123475b 100644 --- a/docs/reference/settings/security-settings.asciidoc +++ b/docs/reference/settings/security-settings.asciidoc @@ -1339,6 +1339,7 @@ http layer. :client-auth-default: none :verifies!: :server: +:ssl-context: security-http include::ssl-settings.asciidoc[] @@ -1348,6 +1349,7 @@ include::ssl-settings.asciidoc[] :client-auth-default!: :verifies: :server: +:ssl-context: security-transport include::ssl-settings.asciidoc[] @@ -1371,6 +1373,7 @@ setting, this would be `transport.profiles.$PROFILE.xpack.security.ssl.key`. :component: Auditing :client-auth-default!: :server!: +:ssl-context: auditing include::ssl-settings.asciidoc[] diff --git a/docs/reference/settings/ssl-settings.asciidoc b/docs/reference/settings/ssl-settings.asciidoc index d1f5833d54dcc..0162d9bf667c3 100644 --- a/docs/reference/settings/ssl-settings.asciidoc +++ b/docs/reference/settings/ssl-settings.asciidoc @@ -1,4 +1,3 @@ - ==== {component} TLS/SSL Settings You can configure the following TLS/SSL settings. If the settings are not configured, the {ref}/security-settings.html#ssl-tls-settings[Default TLS/SSL Settings] @@ -41,7 +40,13 @@ Supported cipher suites can be found in Oracle's http://docs.oracle.com/javase/8 Java Cryptography Architecture documentation]. Defaults to the value of `xpack.ssl.cipher_suites`. +ifdef::asciidoctor[] +[#{ssl-context}-tls-ssl-key-trusted-certificate-settings] ===== {component} TLS/SSL Key and Trusted Certificate Settings +endif::[] +ifndef::asciidoctor[] +===== anchor:{ssl-context}-tls-ssl-key-trusted-certificate-settings[] {component} TLS/SSL Key and Trusted Certificate Settings +endif::[] The following settings are used to specify a private key, certificate, and the trusted certificates that should be used when communicating over an SSL/TLS connection. @@ -107,7 +112,13 @@ Password to the truststore. +{ssl-prefix}.ssl.truststore.secure_password+ (<>):: Password to the truststore. +ifdef::asciidoctor[] +[#{ssl-context}-pkcs12-files] ===== PKCS#12 Files +endif::[] +ifndef::asciidoctor[] +===== anchor:{ssl-context}-pkcs12-files[] PKCS#12 Files +endif::[] {security} can be configured to use PKCS#12 container files (`.p12` or `.pfx` files) that contain the private key, certificate and certificates that should be trusted. @@ -145,7 +156,13 @@ Password to the PKCS#12 file. +{ssl-prefix}.ssl.truststore.secure_password+ (<>):: Password to the PKCS#12 file. +ifdef::asciidoctor[] +[#{ssl-context}-pkcs11-tokens] ===== PKCS#11 Tokens +endif::[] +ifndef::asciidoctor[] +===== anchor:{ssl-context}-pkcs11-tokens[] PKCS#11 Tokens +endif::[] {security} can be configured to use a PKCS#11 token that contains the private key, certificate and certificates that should be trusted.