
Commit

Apply suggestions from code review
Signed-off-by: Naarcha-AWS <[email protected]>
Naarcha-AWS authored Apr 17, 2024
1 parent 5aabc0f commit a5158d1
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions _security/configuration/tls.md
Expand Up @@ -78,8 +78,8 @@ Name | Description

## Separate client and server certificates for transport layer TLS

By default, transport layer TLS certificates need to be configured as both client (`TLS Web Client Authentication`) and server (`TLS Web Server Authentication`) in the certificate's `Extended Key Usage` section, bacause the nodes using the TLS certificates take on the responsibility of serving and receiving the communication requests internally.
If you want to use separate certificates as client and server, add the `plugins.security.ssl.transport.extended_key_usage_enabled: true` setting to `opensearch.yml`. Next, configure the settings outlined in the [separate client and server X.509 PEM certificates and PKCS #8 keys]({{site.url}}{{site.baseurl}}/security/configuration/tls/#separate-client-and-server-x509-pem-certificates-and-pkcs-8-keys) or [separate client and server keystore and truststore files]({{site.url}}{{site.baseurl}}/security/configuration/tls/#separate-client-and-server-keystore-and-truststore-files) sections.
By default, transport layer TLS certificates need to be configured as both client (`TLS Web Client Authentication`) and server (`TLS Web Server Authentication`) in the certificate's `Extended Key Usage` section, because the nodes using the TLS certificates take on the responsibility of serving and receiving the communication requests internally.
If you want to use separate certificates for client and server, add the `plugins.security.ssl.transport.extended_key_usage_enabled: true` setting to `opensearch.yml`. Next, configure the settings outlined in the [separate client and server X.509 PEM certificates and PKCS #8 keys]({{site.url}}{{site.baseurl}}/security/configuration/tls/#separate-client-and-server-x509-pem-certificates-and-pkcs-8-keys) or [separate client and server keystore and truststore files]({{site.url}}{{site.baseurl}}/security/configuration/tls/#separate-client-and-server-keystore-and-truststore-files) sections.

### Separate client and server X.509 PEM certificates and PKCS #8 keys

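Review bot: In the first changed sentence, "the certificate's `Extended Key Usage` section" would be more precise as "extension", since Extended Key Usage is an X.509 v3 extension rather than a section of the certificate. In the same sentence, the clause "take on the responsibility of serving and receiving the communication requests internally" could be tightened to say that each node acts as both client and server for transport layer traffic. The second changed sentence tells the reader to set `plugins.security.ssl.transport.extended_key_usage_enabled: true` but does not say which Extended Key Usage value each of the separate certificates then needs. If the intended split is `TLS Web Client Authentication` on the client certificate and `TLS Web Server Authentication` on the server certificate, stating that here would save readers from inferring it from the preceding sentence.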
