diff --git a/docs/reference/settings/monitoring-settings.asciidoc b/docs/reference/settings/monitoring-settings.asciidoc index f87755f2b0c43..d938f76e63236 100644 --- a/docs/reference/settings/monitoring-settings.asciidoc +++ b/docs/reference/settings/monitoring-settings.asciidoc @@ -280,5 +280,6 @@ For example: `["elasticsearch_version_mismatch","xpack_license_expiration"]`. :component: {monitoring} :verifies: :server!: +:ssl-context: monitoring include::ssl-settings.asciidoc[] diff --git a/docs/reference/settings/notification-settings.asciidoc b/docs/reference/settings/notification-settings.asciidoc index fcd245a06bcc2..71d6523389972 100644 --- a/docs/reference/settings/notification-settings.asciidoc +++ b/docs/reference/settings/notification-settings.asciidoc @@ -70,6 +70,7 @@ Specifies the maximum size an HTTP response is allowed to have, defaults to :component: {watcher} :verifies: :server!: +:ssl-context: watcher include::ssl-settings.asciidoc[] diff --git a/docs/reference/settings/security-settings.asciidoc b/docs/reference/settings/security-settings.asciidoc index 14d22d728e669..49c093789e33d 100644 --- a/docs/reference/settings/security-settings.asciidoc +++ b/docs/reference/settings/security-settings.asciidoc @@ -1420,6 +1420,7 @@ http layer. :client-auth-default: none :verifies!: :server: +:ssl-context: security-http include::ssl-settings.asciidoc[] @@ -1429,6 +1430,7 @@ include::ssl-settings.asciidoc[] :client-auth-default!: :verifies: :server: +:ssl-context: security-transport include::ssl-settings.asciidoc[] @@ -1452,6 +1454,7 @@ setting, this would be `transport.profiles.$PROFILE.xpack.security.ssl.key`. :component: Auditing :client-auth-default!: :server!: +:ssl-context: auditing include::ssl-settings.asciidoc[] diff --git a/docs/reference/settings/ssl-settings.asciidoc b/docs/reference/settings/ssl-settings.asciidoc index 8ea79fc1e50a5..47393246dfe6a 100644 --- a/docs/reference/settings/ssl-settings.asciidoc +++ b/docs/reference/settings/ssl-settings.asciidoc @@ -1,4 +1,3 @@ - ==== {component} TLS/SSL Settings You can configure the following TLS/SSL settings. If the settings are not configured, the {ref}/security-settings.html#ssl-tls-settings[Default TLS/SSL Settings] @@ -41,7 +40,13 @@ Supported cipher suites can be found in Oracle's http://docs.oracle.com/javase/8 Java Cryptography Architecture documentation]. Defaults to the value of `xpack.ssl.cipher_suites`. +ifdef::asciidoctor[] +[#{ssl-context}-tls-ssl-key-trusted-certificate-settings] ===== {component} TLS/SSL Key and Trusted Certificate Settings +endif::[] +ifndef::asciidoctor[] +===== anchor:{ssl-context}-tls-ssl-key-trusted-certificate-settings[] {component} TLS/SSL Key and Trusted Certificate Settings +endif::[] The following settings are used to specify a private key, certificate, and the trusted certificates that should be used when communicating over an SSL/TLS connection. @@ -107,7 +112,13 @@ Password to the truststore. +{ssl-prefix}.ssl.truststore.secure_password+ (<>):: Password to the truststore. +ifdef::asciidoctor[] +[#{ssl-context}-pkcs12-files] ===== PKCS#12 Files +endif::[] +ifndef::asciidoctor[] +===== anchor:{ssl-context}-pkcs12-files[] PKCS#12 Files +endif::[] {es} can be configured to use PKCS#12 container files (`.p12` or `.pfx` files) that contain the private key, certificate and certificates that should be trusted. @@ -145,7 +156,13 @@ Password to the PKCS#12 file. +{ssl-prefix}.ssl.truststore.secure_password+ (<>):: Password to the PKCS#12 file. +ifdef::asciidoctor[] +[#{ssl-context}-pkcs11-tokens] ===== PKCS#11 Tokens +endif::[] +ifndef::asciidoctor[] +===== anchor:{ssl-context}-pkcs11-tokens[] PKCS#11 Tokens +endif::[] {es} can be configured to use a PKCS#11 token that contains the private key, certificate and certificates that should be trusted.