TLS certs step aligned between ECE and ECH docs

eedugon · eedugon · commit 2c8a362f13ca · 2025-10-29T17:09:27.000+01:00
diff --git a/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md b/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md
@@ -159,18 +159,16 @@ A deployment can be configured to trust all or specific deployments in any envir
     * All the clusters in an {{ecloud}} region are signed by the same certificate authority. Therefore, adding this CA would make the self-managed cluster trust all the clusters in that region, including clusters from other organizations.  This can be limited using the setting `xpack.security.transport.ssl.trust_restrictions.path` which points to a file that limits the certificates to trust based on their `otherName`-attribute.
     * For example, the following file would trust:
 
-        * two specific clusters with the cluster IDs `aaaabbbbaaaabbbb`<1> and `xxxxyyyyxxxxyyyy`<2> from an organization with organization ID `1053523734`
-        * <3> any cluster from an organization with organization ID `83988631`
-        * <4> The nodes from its own cluster (whose certificates follow a different convention: `CN = node1.<CLUSTER_FQDN>`, `CN = node2.<CLUSTER_FQDN>` and `CN = node3.<CLUSTER_FQDN>`)
-
-
-```
-  trust.subject_name:
-  - *.node.aaaabbbbaaaabbbb.cluster.1053523734.account
-  - *.node.xxxxyyyyxxxxyyyy.cluster.1053523734.account
-  - *.node.*.cluster.83988631.account
-  - node*.<CLUSTER_FQDN>
-```
+      ```yaml
+        trust.subject_name:
+        - *.node.aaaabbbbaaaabbbb.cluster.1053523734.account <1>
+        - *.node.xxxxyyyyxxxxyyyy.cluster.1053523734.account <1>
+        - *.node.*.cluster.83988631.account <2>
+        - node*.<CLUSTER_FQDN> <3>
+      ```
+      1. two specific clusters with cluster ids `aaaabbbbaaaabbbb` and `xxxxyyyyxxxxyyyy` in an ECE environment with Environment ID `1053523734`
+      2. any cluster from an ECE environment with Environment ID `83988631`
+      3. the nodes from its own cluster (whose certificates follow a different convention: `CN = node1.<CLUSTER_FQDN>`, `CN = node2.<CLUSTER_FQDN>` and `CN = node3.<CLUSTER_FQDN>`)
 
 ::::{tip}
 Generate new node certificates for an entire cluster using the file input mode of the certutil.
diff --git a/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md b/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md
@@ -159,17 +159,16 @@ A deployment can be configured to trust all or specific deployments in any envir
     * All the clusters in your {{ece}} environment are signed by the same certificate authority. Therefore, adding this CA would make the self-managed cluster trust all your clusters in your ECE environment. This should be limited using the setting `xpack.security.transport.ssl.trust_restrictions.path` in [`elasticsearch.yml`](/deploy-manage/stack-settings.md), which points to a file that limits the certificates to trust based on their `otherName`-attribute.
     * For example, the following file would trust:
 
-    ```yaml
-      trust.subject_name:
-      - *.node.aaaabbbbaaaabbbb.cluster.1053523734.account <1>
-      - *.node.xxxxyyyyxxxxyyyy.cluster.1053523734.account <1>
-      - *.node.*.cluster.83988631.account <2>
-      - node*.<CLUSTER_FQDN> <4>
-    ```
-
-    1. two specific clusters with cluster ids `aaaabbbbaaaabbbb` and `xxxxyyyyxxxxyyyy` in an ECE environment with Environment ID `1053523734`
-    2. any cluster from an ECE environment with Environment ID `83988631`
-    3. the nodes from its own cluster (whose certificates follow a different convention: `CN = node1.<CLUSTER_FQDN>`, `CN = node2.<CLUSTER_FQDN>` and `CN = node3.<CLUSTER_FQDN>`)
+      ```yaml
+        trust.subject_name:
+        - *.node.aaaabbbbaaaabbbb.cluster.1053523734.account <1>
+        - *.node.xxxxyyyyxxxxyyyy.cluster.1053523734.account <1>
+        - *.node.*.cluster.83988631.account <2>
+        - node*.<CLUSTER_FQDN> <3>
+      ```
+      1. two specific clusters with cluster ids `aaaabbbbaaaabbbb` and `xxxxyyyyxxxxyyyy` in an ECE environment with Environment ID `1053523734`
+      2. any cluster from an ECE environment with Environment ID `83988631`
+      3. the nodes from its own cluster (whose certificates follow a different convention: `CN = node1.<CLUSTER_FQDN>`, `CN = node2.<CLUSTER_FQDN>` and `CN = node3.<CLUSTER_FQDN>`)
 
 ::::{tip}
 Generate new node certificates for an entire cluster using the file input mode of the certutil.
