Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[DOCS] Set explicit anchors for TLS/SSL settings #42524

Merged
merged 5 commits into from
May 29, 2019
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions docs/reference/settings/monitoring-settings.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -283,5 +283,6 @@ For example: `["elasticsearch_version_mismatch","xpack_license_expiration"]`.
:component: {monitoring}
:verifies:
:server!:
:ssl-context: monitoring

include::ssl-settings.asciidoc[]
1 change: 1 addition & 0 deletions docs/reference/settings/notification-settings.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,7 @@ corresponding endpoints are whitelisted as well.
:component: {watcher}
:verifies:
:server!:
:ssl-context: watcher

include::ssl-settings.asciidoc[]

Expand Down
2 changes: 2 additions & 0 deletions docs/reference/settings/security-settings.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -1566,6 +1566,7 @@ a PKCS#12 container includes trusted certificate ("anchor") entries look for
:client-auth-default: none
:verifies!:
:server:
:ssl-context: security-http

include::ssl-settings.asciidoc[]

Expand All @@ -1575,6 +1576,7 @@ include::ssl-settings.asciidoc[]
:client-auth-default!:
:verifies:
:server:
:ssl-context: security-transport

include::ssl-settings.asciidoc[]

Expand Down
19 changes: 18 additions & 1 deletion docs/reference/settings/ssl-settings.asciidoc
Original file line number Diff line number Diff line change
@@ -1,4 +1,3 @@

==== {component} TLS/SSL Settings
You can configure the following TLS/SSL settings. If the settings are not configured,
the {ref}/security-settings.html#ssl-tls-settings[Default TLS/SSL Settings]
Expand Down Expand Up @@ -39,7 +38,13 @@ endif::verifies[]
Supported cipher suites can be found in Oracle's http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html[
Java Cryptography Architecture documentation]. Defaults to ``.

ifdef::asciidoctor[]
[#{ssl-context}-tls-ssl-key-trusted-certificate-settings]
===== {component} TLS/SSL Key and Trusted Certificate Settings
endif::[]
ifndef::asciidoctor[]
===== anchor:{ssl-context}-tls-ssl-key-trusted-certificate-settings[] {component} TLS/SSL Key and Trusted Certificate Settings
endif::[]

The following settings are used to specify a private key, certificate, and the
trusted certificates that should be used when communicating over an SSL/TLS connection.
Expand Down Expand Up @@ -105,7 +110,13 @@ Password to the truststore.
+{ssl-prefix}.ssl.truststore.secure_password+ (<<secure-settings,Secure>>)::
Password to the truststore.

ifdef::asciidoctor[]
[#{ssl-context}-pkcs12-files]
===== PKCS#12 Files
endif::[]
ifndef::asciidoctor[]
===== anchor:{ssl-context}-pkcs12-files[] PKCS#12 Files
endif::[]

{es} can be configured to use PKCS#12 container files (`.p12` or `.pfx` files)
that contain the private key, certificate and certificates that should be trusted.
Expand Down Expand Up @@ -143,7 +154,13 @@ Password to the PKCS#12 file.
+{ssl-prefix}.ssl.truststore.secure_password+ (<<secure-settings,Secure>>)::
Password to the PKCS#12 file.

ifdef::asciidoctor[]
[#{ssl-context}-pkcs11-tokens]
===== PKCS#11 Tokens
endif::[]
ifndef::asciidoctor[]
===== anchor:{ssl-context}-pkcs11-tokens[] PKCS#11 Tokens
endif::[]

{es} can be configured to use a PKCS#11 token that contains the private key,
certificate and certificates that should be trusted.
Expand Down