From 26bb244753f1857db91d1976c77a145939e44a48 Mon Sep 17 00:00:00 2001 From: James Rodewig Date: Wed, 29 May 2019 08:24:25 -0400 Subject: [PATCH] [DOCS] Set explicit anchors for TLS/SSL settings (#42524) (fixup) --- .../settings/monitoring-settings.asciidoc | 1 + .../settings/notification-settings.asciidoc | 1 + .../settings/security-settings.asciidoc | 3 +++ docs/reference/settings/ssl-settings.asciidoc | 19 ++++++++++++++++++- 4 files changed, 23 insertions(+), 1 deletion(-) diff --git a/docs/reference/settings/monitoring-settings.asciidoc b/docs/reference/settings/monitoring-settings.asciidoc index f87755f2b0c43..d938f76e63236 100644 --- a/docs/reference/settings/monitoring-settings.asciidoc +++ b/docs/reference/settings/monitoring-settings.asciidoc @@ -280,5 +280,6 @@ For example: `["elasticsearch_version_mismatch","xpack_license_expiration"]`. :component: {monitoring} :verifies: :server!: +:ssl-context: monitoring include::ssl-settings.asciidoc[] diff --git a/docs/reference/settings/notification-settings.asciidoc b/docs/reference/settings/notification-settings.asciidoc index 23c7d078c2539..52c815dd002ca 100644 --- a/docs/reference/settings/notification-settings.asciidoc +++ b/docs/reference/settings/notification-settings.asciidoc @@ -71,6 +71,7 @@ Specifies the maximum size an HTTP response is allowed to have, defaults to :component: {watcher} :verifies: :server!: +:ssl-context: watcher include::ssl-settings.asciidoc[] diff --git a/docs/reference/settings/security-settings.asciidoc b/docs/reference/settings/security-settings.asciidoc index fcbf4bc941276..facacf06acc22 100644 --- a/docs/reference/settings/security-settings.asciidoc +++ b/docs/reference/settings/security-settings.asciidoc @@ -1426,6 +1426,7 @@ http layer. :client-auth-default: none :verifies!: :server: +:ssl-context: security-http include::ssl-settings.asciidoc[] @@ -1435,6 +1436,7 @@ include::ssl-settings.asciidoc[] :client-auth-default!: :verifies: :server: +:ssl-context: security-transport include::ssl-settings.asciidoc[] @@ -1458,6 +1460,7 @@ setting, this would be `transport.profiles.$PROFILE.xpack.security.ssl.key`. :component: Auditing :client-auth-default!: :server!: +:ssl-context: auditing include::ssl-settings.asciidoc[] diff --git a/docs/reference/settings/ssl-settings.asciidoc b/docs/reference/settings/ssl-settings.asciidoc index 8ea79fc1e50a5..47393246dfe6a 100644 --- a/docs/reference/settings/ssl-settings.asciidoc +++ b/docs/reference/settings/ssl-settings.asciidoc @@ -1,4 +1,3 @@ - ==== {component} TLS/SSL Settings You can configure the following TLS/SSL settings. If the settings are not configured, the {ref}/security-settings.html#ssl-tls-settings[Default TLS/SSL Settings] @@ -41,7 +40,13 @@ Supported cipher suites can be found in Oracle's http://docs.oracle.com/javase/8 Java Cryptography Architecture documentation]. Defaults to the value of `xpack.ssl.cipher_suites`. +ifdef::asciidoctor[] +[#{ssl-context}-tls-ssl-key-trusted-certificate-settings] ===== {component} TLS/SSL Key and Trusted Certificate Settings +endif::[] +ifndef::asciidoctor[] +===== anchor:{ssl-context}-tls-ssl-key-trusted-certificate-settings[] {component} TLS/SSL Key and Trusted Certificate Settings +endif::[] The following settings are used to specify a private key, certificate, and the trusted certificates that should be used when communicating over an SSL/TLS connection. @@ -107,7 +112,13 @@ Password to the truststore. +{ssl-prefix}.ssl.truststore.secure_password+ (<>):: Password to the truststore. +ifdef::asciidoctor[] +[#{ssl-context}-pkcs12-files] ===== PKCS#12 Files +endif::[] +ifndef::asciidoctor[] +===== anchor:{ssl-context}-pkcs12-files[] PKCS#12 Files +endif::[] {es} can be configured to use PKCS#12 container files (`.p12` or `.pfx` files) that contain the private key, certificate and certificates that should be trusted. @@ -145,7 +156,13 @@ Password to the PKCS#12 file. +{ssl-prefix}.ssl.truststore.secure_password+ (<>):: Password to the PKCS#12 file. +ifdef::asciidoctor[] +[#{ssl-context}-pkcs11-tokens] ===== PKCS#11 Tokens +endif::[] +ifndef::asciidoctor[] +===== anchor:{ssl-context}-pkcs11-tokens[] PKCS#11 Tokens +endif::[] {es} can be configured to use a PKCS#11 token that contains the private key, certificate and certificates that should be trusted.