Skip to content

Commit 60e11e0

Browse files
committed
polish 2
1 parent e43a868 commit 60e11e0

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

deploy-manage/security/self-tls-considerations.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,7 @@ Certificates used for mTLS must either have no Extended Key Usage extension, or
2525

2626
### Transport certificates vs. HTTP certificates
2727

28-
Transport certificates ([`xpack.security.transport.ssl.*`](elasticsearch://reference/elasticsearch/configuration-reference/security-settings.md#transport-tls-ssl-settings) settings) have different security requirements than HTTP certificates ([`xpack.security.http.ssl.*`](elasticsearch://reference/elasticsearch/configuration-reference/security-settings.md#http-tls-ssl-settings) settings). HTTP connections don't typically use mTLS because HTTP has its own authentication mechanisms, so HTTP certificates usually don't need to include the `clientAuth` value in their Extended Key Usage extension. HTTP certificates can come from public or organization-wide certificate authorities, while transport certificates should use a cluster-specific private CA. In most cases, you should not use the same certificate for both HTTP and transport connections.
28+
Transport certificates have different security requirements than [HTTP certificates](/deploy-manage/security/secure-cluster-communications.md#encrypt-http-communication). HTTP connections don't typically use mTLS because HTTP has its own authentication mechanisms. Because of this, HTTP certificates usually don't need to include the `clientAuth` value in their Extended Key Usage extension. HTTP certificates can come from public or organization-wide certificate authorities, while transport certificates should use a cluster-specific private CA. In most cases, you should not use the same certificate for both HTTP and transport connections.
2929

3030
## Turning off mTLS for transport connections [turn-off-mtls]
3131

0 commit comments

Comments
 (0)