
Commit 2c8a362

TLS certs step aligned between ECE and ECH docs
1 parent 890ce6b commit 2c8a362

2 files changed

+20
-23
lines changed

deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md

Lines changed: 10 additions & 12 deletions
@@ -159,18 +159,16 @@ A deployment can be configured to trust all or specific deployments in any envir
159159
* All the clusters in an {{ecloud}} region are signed by the same certificate authority. Therefore, adding this CA would make the self-managed cluster trust all the clusters in that region, including clusters from other organizations. This can be limited using the setting `xpack.security.transport.ssl.trust_restrictions.path` which points to a file that limits the certificates to trust based on their `otherName`-attribute.
160160
* For example, the following file would trust:
161161

162-
* two specific clusters with the cluster IDs `aaaabbbbaaaabbbb`<1> and `xxxxyyyyxxxxyyyy`<2> from an organization with organization ID `1053523734`
163-
* <3> any cluster from an organization with organization ID `83988631`
164-
* <4> The nodes from its own cluster (whose certificates follow a different convention: `CN = node1.<CLUSTER_FQDN>`, `CN = node2.<CLUSTER_FQDN>` and `CN = node3.<CLUSTER_FQDN>`)
165-
166-
167-
```
168-
trust.subject_name:
169-
- *.node.aaaabbbbaaaabbbb.cluster.1053523734.account
170-
- *.node.xxxxyyyyxxxxyyyy.cluster.1053523734.account
171-
- *.node.*.cluster.83988631.account
172-
- node*.<CLUSTER_FQDN>
173-
```
162+
```yaml
163+
trust.subject_name:
164+
- *.node.aaaabbbbaaaabbbb.cluster.1053523734.account <1>
165+
- *.node.xxxxyyyyxxxxyyyy.cluster.1053523734.account <1>
166+
- *.node.*.cluster.83988631.account <2>
167+
- node*.<CLUSTER_FQDN> <3>
168+
```
169+
1. two specific clusters with cluster ids `aaaabbbbaaaabbbb` and `xxxxyyyyxxxxyyyy` in an ECE environment with Environment ID `1053523734`
170+
2. any cluster from an ECE environment with Environment ID `83988631`
171+
3. the nodes from its own cluster (whose certificates follow a different convention: `CN = node1.<CLUSTER_FQDN>`, `CN = node2.<CLUSTER_FQDN>` and `CN = node3.<CLUSTER_FQDN>`)
174172

175173
::::{tip}
176174
Generate new node certificates for an entire cluster using the file input mode of the certutil.
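
Review bot: The added callout items at new lines 169-170 say "in an ECE environment with Environment ID", but this file's context at line 159 is about an {{ecloud}} region and warns about "clusters from other organizations", and the removed text described `1053523734` and `83988631` as organization IDs. Copying the ECE wording here changes what the reader is told the `*.cluster.<id>.account` component means, and that component is what decides which certificates the self-managed cluster will trust. Suggest keeping the callout layout from the ECE page but restoring the organization wording in this file, for example "two specific clusters with the cluster IDs `aaaabbbbaaaabbbb` and `xxxxyyyyxxxxyyyy` from an organization with organization ID `1053523734`" and "any cluster from an organization with organization ID `83988631`".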

deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md

Lines changed: 10 additions & 11 deletions
@@ -159,17 +159,16 @@ A deployment can be configured to trust all or specific deployments in any envir
159159
* All the clusters in your {{ece}} environment are signed by the same certificate authority. Therefore, adding this CA would make the self-managed cluster trust all your clusters in your ECE environment. This should be limited using the setting `xpack.security.transport.ssl.trust_restrictions.path` in [`elasticsearch.yml`](/deploy-manage/stack-settings.md), which points to a file that limits the certificates to trust based on their `otherName`-attribute.
160160
* For example, the following file would trust:
161161

162-
```yaml
163-
trust.subject_name:
164-
- *.node.aaaabbbbaaaabbbb.cluster.1053523734.account <1>
165-
- *.node.xxxxyyyyxxxxyyyy.cluster.1053523734.account <1>
166-
- *.node.*.cluster.83988631.account <2>
167-
- node*.<CLUSTER_FQDN> <4>
168-
```
169-
170-
1. two specific clusters with cluster ids `aaaabbbbaaaabbbb` and `xxxxyyyyxxxxyyyy` in an ECE environment with Environment ID `1053523734`
171-
2. any cluster from an ECE environment with Environment ID `83988631`
172-
3. the nodes from its own cluster (whose certificates follow a different convention: `CN = node1.<CLUSTER_FQDN>`, `CN = node2.<CLUSTER_FQDN>` and `CN = node3.<CLUSTER_FQDN>`)
162+
```yaml
163+
trust.subject_name:
164+
- *.node.aaaabbbbaaaabbbb.cluster.1053523734.account <1>
165+
- *.node.xxxxyyyyxxxxyyyy.cluster.1053523734.account <1>
166+
- *.node.*.cluster.83988631.account <2>
167+
- node*.<CLUSTER_FQDN> <3>
168+
```
169+
1. two specific clusters with cluster ids `aaaabbbbaaaabbbb` and `xxxxyyyyxxxxyyyy` in an ECE environment with Environment ID `1053523734`
170+
2. any cluster from an ECE environment with Environment ID `83988631`
171+
3. the nodes from its own cluster (whose certificates follow a different convention: `CN = node1.<CLUSTER_FQDN>`, `CN = node2.<CLUSTER_FQDN>` and `CN = node3.<CLUSTER_FQDN>`)
173172

174173
::::{tip}
175174
Generate new node certificates for an entire cluster using the file input mode of the certutil.
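
Review bot: Style point on the re-added list at new lines 169-171: item 1 writes "cluster ids" in lower case while the same sentence capitalizes "Environment ID", and each item starts with a lower-case word. Since these lines are being rewritten anyway, suggest "cluster IDs" and a consistent sentence case across the three items. The `<4>` to `<3>` correction on new line 167 looks right, as the list below it has only three entries.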
