Commit c401bfa

committed
too many brackets
1 parent 3f5b433 commit c401bfa

1 file changed

+2
-2
lines changed

deploy-manage/security/self-tls-considerations.md

Lines changed: 2 additions & 2 deletions
@@ -25,9 +25,9 @@ Certificates used for mTLS must either have no Extended Key Usage extension, or
2525

2626
### Transport certificates vs. HTTP certificates
2727

28-
Transport certificates ([`xpack.security.transport.ssl.*`](elasticsearch://reference/elasticsearch/configuration-reference/security-settings.md#transport-tls-ssl-settings) settings) have different security requirements than HTTP certificates ([`xpack.security.http.ssl.*`]((elasticsearch://reference/elasticsearch/configuration-reference/security-settings.md#http-tls-ssl-settings)) settings). HTTP connections don't typically use mTLS because HTTP has its own authentication mechanisms, so HTTP certificates usually don't need to include the `clientAuth` value in their Extended Key Usage extension. HTTP certificates can come from public or organization-wide certificate authorities, while transport certificates should use a cluster-specific private CA. In most cases, you should not use the same certificate for both HTTP and transport connections.
28+
Transport certificates ([`xpack.security.transport.ssl.*`](elasticsearch://reference/elasticsearch/configuration-reference/security-settings.md#transport-tls-ssl-settings) settings) have different security requirements than HTTP certificates ([`xpack.security.http.ssl.*`](elasticsearch://reference/elasticsearch/configuration-reference/security-settings.md#http-tls-ssl-settings) settings). HTTP connections don't typically use mTLS because HTTP has its own authentication mechanisms, so HTTP certificates usually don't need to include the `clientAuth` value in their Extended Key Usage extension. HTTP certificates can come from public or organization-wide certificate authorities, while transport certificates should use a cluster-specific private CA. In most cases, you should not use the same certificate for both HTTP and transport connections.
2929

30-
## Turning off mTLS for transport connections
30+
## Turning off mTLS for transport connections [turn-off-mtls]
3131

3232
If your environment has some other way to prevent unauthorized node-to-node connections, you might prefer not to use mTLS for transport connections. In this case, you can disable mTLS by setting `xpack.security.transport.ssl.client_authentication: none`. You can still use non-mutual TLS for encryption by setting `xpack.security.transport.ssl.enabled: true`. With non-mutual TLS, transport certificates don't require the `clientAuth` value in the Extended Key Usage extension.
3333
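
Review bot: The `[turn-off-mtls]` anchor added to the "Turning off mTLS for transport connections" heading (new line 30) is not covered by the commit message, which only describes the bracket fix on line 28. Either mention the anchor in the message or move it to its own commit, and confirm that any existing links to this heading still resolve once the explicit ID is set. The link fix itself looks right: the stray `(` before `elasticsearch://...#http-tls-ssl-settings` and the matching extra `)` are both removed, so the HTTP settings link now has the same form as the transport settings link earlier in the sentence.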
