From 8d4678aad0c090eba03d49361707997dd006317e Mon Sep 17 00:00:00 2001
From: James Rodewig <james.rodewig@elastic.co>
Date: Fri, 24 May 2019 09:55:04 -0400
Subject: [PATCH 1/5] [DOCS] Set explicit anchors for TLS/SSL settings

---
 docs/reference/settings/ssl-settings.asciidoc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/reference/settings/ssl-settings.asciidoc b/docs/reference/settings/ssl-settings.asciidoc
index f392d0c2fb816..b2ccfcb73c3a9 100644
--- a/docs/reference/settings/ssl-settings.asciidoc
+++ b/docs/reference/settings/ssl-settings.asciidoc
@@ -1,4 +1,5 @@
 
+[[tls-ssl-settings]]
 ==== {component} TLS/SSL Settings
 You can configure the following TLS/SSL settings. If the settings are not configured,
 the {ref}/security-settings.html#ssl-tls-settings[Default TLS/SSL Settings]
@@ -39,6 +40,7 @@ endif::verifies[]
 Supported cipher suites can be found in Oracle's http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html[
 Java Cryptography Architecture documentation]. Defaults to ``.
 
+[[tls-ssl-key-trusted-certificate-settings]]
 ===== {component} TLS/SSL Key and Trusted Certificate Settings
 
 The following settings are used to specify a private key, certificate, and the

From db3d7a6ca616f0d3f905f262ae354870dd5ef490 Mon Sep 17 00:00:00 2001
From: James Rodewig <james.rodewig@elastic.co>
Date: Fri, 24 May 2019 10:25:26 -0400
Subject: [PATCH 2/5] [DOCS] Set explicit anchors for pkcs tokens and files

---
 docs/reference/settings/ssl-settings.asciidoc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/reference/settings/ssl-settings.asciidoc b/docs/reference/settings/ssl-settings.asciidoc
index b2ccfcb73c3a9..211b89b2660d1 100644
--- a/docs/reference/settings/ssl-settings.asciidoc
+++ b/docs/reference/settings/ssl-settings.asciidoc
@@ -107,6 +107,7 @@ Password to the truststore.
 +{ssl-prefix}.ssl.truststore.secure_password+ (<<secure-settings,Secure>>)::
 Password to the truststore.
 
+[[pkcs12-files]]
 ===== PKCS#12 Files
 
 {es} can be configured to use PKCS#12 container files (`.p12` or `.pfx` files)
@@ -145,6 +146,7 @@ Password to the PKCS#12 file.
 +{ssl-prefix}.ssl.truststore.secure_password+ (<<secure-settings,Secure>>)::
 Password to the PKCS#12 file.
 
+[[pkcs11-tokens]]
 ===== PKCS#11 Tokens
 
 {es} can be configured to use a PKCS#11 token that contains the private key,

From 7e74c00a2c665e18c47cb9229c25d8d788a72128 Mon Sep 17 00:00:00 2001
From: James Rodewig <james.rodewig@elastic.co>
Date: Tue, 28 May 2019 11:13:47 -0400
Subject: [PATCH 3/5] [DOCS] Add attributes to IDs to prevent duplicate ID
 errors

---
 docs/reference/settings/monitoring-settings.asciidoc   | 1 +
 docs/reference/settings/notification-settings.asciidoc | 1 +
 docs/reference/settings/security-settings.asciidoc     | 2 ++
 docs/reference/settings/ssl-settings.asciidoc          | 8 ++++----
 4 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/docs/reference/settings/monitoring-settings.asciidoc b/docs/reference/settings/monitoring-settings.asciidoc
index c48b7d8764d2c..18379577e6a3e 100644
--- a/docs/reference/settings/monitoring-settings.asciidoc
+++ b/docs/reference/settings/monitoring-settings.asciidoc
@@ -283,5 +283,6 @@ For example: `["elasticsearch_version_mismatch","xpack_license_expiration"]`.
 :component:              {monitoring}
 :verifies:
 :server!:
+:ssl-context:            monitoring
 
 include::ssl-settings.asciidoc[]
diff --git a/docs/reference/settings/notification-settings.asciidoc b/docs/reference/settings/notification-settings.asciidoc
index 77f755b09e285..ac7160bd20aac 100644
--- a/docs/reference/settings/notification-settings.asciidoc
+++ b/docs/reference/settings/notification-settings.asciidoc
@@ -85,6 +85,7 @@ corresponding endpoints are whitelisted as well.
 :component:              {watcher}
 :verifies:
 :server!:
+:ssl-context:            watcher
 
 include::ssl-settings.asciidoc[]
 
diff --git a/docs/reference/settings/security-settings.asciidoc b/docs/reference/settings/security-settings.asciidoc
index 3cfe1d1e58769..00c1941f65256 100644
--- a/docs/reference/settings/security-settings.asciidoc
+++ b/docs/reference/settings/security-settings.asciidoc
@@ -1566,6 +1566,7 @@ a PKCS#12 container includes trusted certificate ("anchor") entries look for
 :client-auth-default:    none
 :verifies!:
 :server:
+:ssl-context:            security-http
 
 include::ssl-settings.asciidoc[]
 
@@ -1575,6 +1576,7 @@ include::ssl-settings.asciidoc[]
 :client-auth-default!:
 :verifies:
 :server:
+:ssl-context:            security-transport
 
 include::ssl-settings.asciidoc[]
 
diff --git a/docs/reference/settings/ssl-settings.asciidoc b/docs/reference/settings/ssl-settings.asciidoc
index 211b89b2660d1..0916a7065abaf 100644
--- a/docs/reference/settings/ssl-settings.asciidoc
+++ b/docs/reference/settings/ssl-settings.asciidoc
@@ -1,5 +1,5 @@
 
-[[tls-ssl-settings]]
+[[{ssl-context}-tls-ssl-settings]]
 ==== {component} TLS/SSL Settings
 You can configure the following TLS/SSL settings. If the settings are not configured,
 the {ref}/security-settings.html#ssl-tls-settings[Default TLS/SSL Settings]
@@ -40,7 +40,7 @@ endif::verifies[]
 Supported cipher suites can be found in Oracle's http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html[
 Java Cryptography Architecture documentation]. Defaults to ``.
 
-[[tls-ssl-key-trusted-certificate-settings]]
+[[{ssl-context}-tls-ssl-key-trusted-certificate-settings]]
 ===== {component} TLS/SSL Key and Trusted Certificate Settings
 
 The following settings are used to specify a private key, certificate, and the
@@ -107,7 +107,7 @@ Password to the truststore.
 +{ssl-prefix}.ssl.truststore.secure_password+ (<<secure-settings,Secure>>)::
 Password to the truststore.
 
-[[pkcs12-files]]
+[[{ssl-context}-pkcs12-files]]
 ===== PKCS#12 Files
 
 {es} can be configured to use PKCS#12 container files (`.p12` or `.pfx` files)
@@ -146,7 +146,7 @@ Password to the PKCS#12 file.
 +{ssl-prefix}.ssl.truststore.secure_password+ (<<secure-settings,Secure>>)::
 Password to the PKCS#12 file.
 
-[[pkcs11-tokens]]
+[[{ssl-context}-pkcs11-tokens]]
 ===== PKCS#11 Tokens
 
 {es} can be configured to use a PKCS#11 token that contains the private key,

From 1c9dabdef31f5224485051bba2169ac0408380fc Mon Sep 17 00:00:00 2001
From: James Rodewig <james.rodewig@elastic.co>
Date: Tue, 28 May 2019 21:45:45 -0400
Subject: [PATCH 4/5] [DOCS] Add ifdef to support AsciiDoc heading anchors with
 attributes

---
 docs/reference/settings/ssl-settings.asciidoc | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/docs/reference/settings/ssl-settings.asciidoc b/docs/reference/settings/ssl-settings.asciidoc
index 0916a7065abaf..ce3dbcf1d428d 100644
--- a/docs/reference/settings/ssl-settings.asciidoc
+++ b/docs/reference/settings/ssl-settings.asciidoc
@@ -1,5 +1,3 @@
-
-[[{ssl-context}-tls-ssl-settings]]
 ==== {component} TLS/SSL Settings
 You can configure the following TLS/SSL settings. If the settings are not configured,
 the {ref}/security-settings.html#ssl-tls-settings[Default TLS/SSL Settings]
@@ -40,8 +38,13 @@ endif::verifies[]
 Supported cipher suites can be found in Oracle's http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html[
 Java Cryptography Architecture documentation]. Defaults to ``.
 
+ifdef::asciidoctor[]
 [[{ssl-context}-tls-ssl-key-trusted-certificate-settings]]
 ===== {component} TLS/SSL Key and Trusted Certificate Settings
+endif::[]
+ifndef::asciidoctor[]
+==== anchor:{ssl-context}-tls-ssl-key-trusted-certificate-settings[] {component} TLS/SSL Key and Trusted Certificate Settings
+endif::[]
 
 The following settings are used to specify a private key, certificate, and the
 trusted certificates that should be used when communicating over an SSL/TLS connection.
@@ -107,8 +110,13 @@ Password to the truststore.
 +{ssl-prefix}.ssl.truststore.secure_password+ (<<secure-settings,Secure>>)::
 Password to the truststore.
 
+ifdef::asciidoctor[]
 [[{ssl-context}-pkcs12-files]]
 ===== PKCS#12 Files
+endif::[]
+ifndef::asciidoctor[]
+==== anchor:{ssl-context}-pkcs12-files[] PKCS#12 Files
+endif::[]
 
 {es} can be configured to use PKCS#12 container files (`.p12` or `.pfx` files)
 that contain the private key, certificate and certificates that should be trusted.
@@ -146,8 +154,13 @@ Password to the PKCS#12 file.
 +{ssl-prefix}.ssl.truststore.secure_password+ (<<secure-settings,Secure>>)::
 Password to the PKCS#12 file.
 
+ifdef::asciidoctor[]
 [[{ssl-context}-pkcs11-tokens]]
 ===== PKCS#11 Tokens
+endif::[]
+ifndef::asciidoctor[]
+==== anchor:{ssl-context}-pkcs11-tokens[] PKCS#11 Tokens
+endif::[]
 
 {es} can be configured to use a PKCS#11 token that contains the private key,
 certificate and certificates that should be trusted.

From 7fac866b377d1a4508e9146d61e9717d1141e6d4 Mon Sep 17 00:00:00 2001
From: James Rodewig <james.rodewig@elastic.co>
Date: Tue, 28 May 2019 22:41:28 -0400
Subject: [PATCH 5/5] [DOCS] Use shorthand anchor syntax for Asciidoctor

---
 docs/reference/settings/ssl-settings.asciidoc | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/docs/reference/settings/ssl-settings.asciidoc b/docs/reference/settings/ssl-settings.asciidoc
index ce3dbcf1d428d..6d8ffd90b6a37 100644
--- a/docs/reference/settings/ssl-settings.asciidoc
+++ b/docs/reference/settings/ssl-settings.asciidoc
@@ -39,11 +39,11 @@ Supported cipher suites can be found in Oracle's http://docs.oracle.com/javase/8
 Java Cryptography Architecture documentation]. Defaults to ``.
 
 ifdef::asciidoctor[]
-[[{ssl-context}-tls-ssl-key-trusted-certificate-settings]]
+[#{ssl-context}-tls-ssl-key-trusted-certificate-settings]
 ===== {component} TLS/SSL Key and Trusted Certificate Settings
 endif::[]
 ifndef::asciidoctor[]
-==== anchor:{ssl-context}-tls-ssl-key-trusted-certificate-settings[] {component} TLS/SSL Key and Trusted Certificate Settings
+===== anchor:{ssl-context}-tls-ssl-key-trusted-certificate-settings[] {component} TLS/SSL Key and Trusted Certificate Settings
 endif::[]
 
 The following settings are used to specify a private key, certificate, and the
@@ -111,11 +111,11 @@ Password to the truststore.
 Password to the truststore.
 
 ifdef::asciidoctor[]
-[[{ssl-context}-pkcs12-files]]
+[#{ssl-context}-pkcs12-files]
 ===== PKCS#12 Files
 endif::[]
 ifndef::asciidoctor[]
-==== anchor:{ssl-context}-pkcs12-files[] PKCS#12 Files
+===== anchor:{ssl-context}-pkcs12-files[] PKCS#12 Files
 endif::[]
 
 {es} can be configured to use PKCS#12 container files (`.p12` or `.pfx` files)
@@ -155,11 +155,11 @@ Password to the PKCS#12 file.
 Password to the PKCS#12 file.
 
 ifdef::asciidoctor[]
-[[{ssl-context}-pkcs11-tokens]]
+[#{ssl-context}-pkcs11-tokens]
 ===== PKCS#11 Tokens
 endif::[]
 ifndef::asciidoctor[]
-==== anchor:{ssl-context}-pkcs11-tokens[] PKCS#11 Tokens
+===== anchor:{ssl-context}-pkcs11-tokens[] PKCS#11 Tokens
 endif::[]
 
 {es} can be configured to use a PKCS#11 token that contains the private key,