elastic · eedugon · Oct 29, 2025 · Oct 24, 2025 · Oct 27, 2025 · Oct 28, 2025
@@ -27,8 +27,8 @@ PUT /_cluster/settings
       "remote": {
         "alias-for-my-remote-cluster": { // Align the alias with the remote cluster name used when adding the API key.
           "mode":"proxy",
-          "proxy_address": "a542184a7a7d45b88b83f95392f450ab.192.168.44.10.ip.es.io:9400",
-          "server_name": "a542184a7a7d45b88b83f95392f450ab.192.168.44.10.ip.es.io"
+          "proxy_address": "<REMOTE_CLUSTER_ADDRESS>:9443",
+          "server_name": "<REMOTE_CLUSTER_SERVER_NAME>"
         }
       }
     }

@@ -35,8 +35,8 @@ PUT /_cluster/settings
       "remote": {
         "alias-for-my-remote-cluster": { // Remote cluster alias
           "mode":"proxy",
-          "proxy_address": "a542184a7a7d45b88b83f95392f450ab.192.168.44.10.ip.es.io:9400",
-          "server_name": "a542184a7a7d45b88b83f95392f450ab.192.168.44.10.ip.es.io"
+          "proxy_address": "<REMOTE_CLUSTER_ADDRESS>:9443",
+          "server_name": "<REMOTE_CLUSTER_SERVER_NAME>"
         }
       }
     }

@@ -146,11 +146,11 @@ A deployment can be configured to trust all or specific deployments in any envir
     instances:
       - name: "node1"
         dns: ["node1.mydomain.com"]
-        ip: ["192.168.1.1"]
+        ip: ["192.0.2.1"]
         cn: ["node1.node.1234567abcd.cluster.myscope.account"]
       - name: "node2"
         dns: ["node2.mydomain.com"]
-        ip: ["192.168.1.2"]
+        ip: ["192.0.2.2"]
         cn: ["node2.node.1234567abcd.cluster.myscope.account"]
     ```
 
@@ -161,15 +161,15 @@ A deployment can be configured to trust all or specific deployments in any envir
 
         * two specific clusters with the cluster IDs `aaaabbbbaaaabbbb`<1> and `xxxxyyyyxxxxyyyy`<2> from an organization with organization ID `1053523734`
         * <3> any cluster from an organization with organization ID `83988631`
-        * <4> The nodes from its own cluster (whose certificates follow a different convention: `CN = node1.example.com`, `CN = node2.example.com` and `CN = node3.example.com`)
+        * <4> The nodes from its own cluster (whose certificates follow a different convention: `CN = node1.<CLUSTER_FQDN>`, `CN = node2.<CLUSTER_FQDN>` and `CN = node3.<CLUSTER_FQDN>`)
 
 
 ```
   trust.subject_name:
   - *.node.aaaabbbbaaaabbbb.cluster.1053523734.account
   - *.node.xxxxyyyyxxxxyyyy.cluster.1053523734.account
   - *.node.*.cluster.83988631.account
-  - node*.example.com
+  - node*.<CLUSTER_FQDN>
 ```
 
 ::::{tip}
@@ -180,7 +180,7 @@ Generate new node certificates for an entire cluster using the file input mode o
 ::::{dropdown} Using the API
 You can update a deployment using the appropriate trust settings for the {{es}} payload.
 
-In order to trust a cluster whose nodes present certificates with the subject names: "CN = node1.example.com", "CN = node2.example.com" and "CN = node3.example.com" in a self-managed environment, you could update the trust settings with an additional direct trust relationship like this:
+In order to trust a cluster whose nodes present certificates with the subject names: "CN = node1.<CLUSTER_FQDN>", "CN = node2.<CLUSTER_FQDN>" and "CN = node3.<CLUSTER_FQDN>" in a self-managed environment, you could update the trust settings with an additional direct trust relationship like this:
 
 ```json
 {
@@ -195,7 +195,7 @@ In order to trust a cluster whose nodes present certificates with the subject na
       {
         "type" : "generic",
         "name" : "My Self-managed environment",
-        "additional_node_names" : ["node1.example.com", "node2.example.com", "node3.example.com",],
+        "additional_node_names" : ["node1.<CLUSTER_FQDN>", "node2.<CLUSTER_FQDN>", "node3.<CLUSTER_FQDN>",],
         "certificates" : [
             {
                 "pem" : "-----BEGIN CERTIFICATE-----\nMIIDTzCCA...H0=\n-----END CERTIFICATE-----"

@@ -146,11 +146,11 @@ A deployment can be configured to trust all or specific deployments in any envir
     instances:
       - name: "node1"
         dns: ["node1.mydomain.com"]
-        ip: ["192.168.1.1"]
+        ip: ["192.0.2.1"]
         cn: ["node1.node.1234567abcd.cluster.myscope.account"]
       - name: "node2"
         dns: ["node2.mydomain.com"]
-        ip: ["192.168.1.2"]
+        ip: ["192.0.2.2"]
         cn: ["node2.node.1234567abcd.cluster.myscope.account"]
     ```
 
@@ -164,12 +164,12 @@ A deployment can be configured to trust all or specific deployments in any envir
       - *.node.aaaabbbbaaaabbbb.cluster.1053523734.account <1>
       - *.node.xxxxyyyyxxxxyyyy.cluster.1053523734.account <1>
       - *.node.*.cluster.83988631.account <2>
-      - node*.example.com <4>
+      - node*.<CLUSTER_FQDN> <4>
     ```
 
     1. two specific clusters with cluster ids `aaaabbbbaaaabbbb` and `xxxxyyyyxxxxyyyy` in an ECE environment with Environment ID `1053523734`
     2. any cluster from an ECE environment with Environment ID `83988631`
-    3. the nodes from its own cluster (whose certificates follow a different convention: `CN = node1.example.com`, `CN = node2.example.com` and `CN = node3.example.com`)
+    3. the nodes from its own cluster (whose certificates follow a different convention: `CN = node1.<CLUSTER_FQDN>`, `CN = node2.<CLUSTER_FQDN>` and `CN = node3.<CLUSTER_FQDN>`)
 
 ::::{tip}
 Generate new node certificates for an entire cluster using the file input mode of the certutil.
@@ -179,7 +179,7 @@ Generate new node certificates for an entire cluster using the file input mode o
 ::::{dropdown} Using the API
 You can update a deployment using the appropriate trust settings for the {{es}} payload.
 
-In order to trust a cluster whose nodes present certificates with the subject names: "CN = node1.example.com", "CN = node2.example.com" and "CN = node3.example.com" in a self-managed environment, you could update the trust settings with an additional direct trust relationship like this:
+In order to trust a cluster whose nodes present certificates with the subject names: "CN = node1.<CLUSTER_FQDN>", "CN = node2.<CLUSTER_FQDN>" and "CN = node3.<CLUSTER_FQDN>" in a self-managed environment, you could update the trust settings with an additional direct trust relationship like this:
 
 ```json
 {
@@ -194,7 +194,7 @@ In order to trust a cluster whose nodes present certificates with the subject na
       {
         "type" : "generic",
         "name" : "My Self-managed environment",
-        "additional_node_names" : ["node1.example.com", "node2.example.com", "node3.example.com",],
+        "additional_node_names" : ["node1.<CLUSTER_FQDN>", "node2.<CLUSTER_FQDN>", "node3.<CLUSTER_FQDN>",],
         "certificates" : [
             {
                 "pem" : "-----BEGIN CERTIFICATE-----\nMIIDTzCCA...H0=\n-----END CERTIFICATE-----"

@@ -76,7 +76,7 @@ If a remote cluster is part of an {{ech}} (ECH) deployment, the remote cluster s
     3. Generate a certificate and private key pair for the nodes in the remote cluster:
 
         ```sh
-        ./bin/elasticsearch-certutil cert --out=cross-cluster.p12 --pass=CERT_PASSWORD --ca-cert=ca/ca.crt --ca-key=ca/ca.key --ca-pass=CA_PASSWORD --dns=example.com --ip=127.0.0.1
+        ./bin/elasticsearch-certutil cert --out=cross-cluster.p12 --pass=CERT_PASSWORD --ca-cert=ca/ca.crt --ca-key=ca/ca.key --ca-pass=CA_PASSWORD --dns=<CLUSTER_FQDN> --ip=192.0.2.1
         ```
 
         * Replace `CA_PASSWORD` with the CA password from the previous step.
@@ -158,7 +158,7 @@ To add a remote cluster from Stack Management in {{kib}}:
 2. Select **Add a remote cluster**.
 3. Select **API keys** as the connection type.
 4. Enter a name (*cluster alias*) for the remote cluster.
-5. Specify the {{es}} endpoint URL, or the IP address or host name of the remote cluster followed by the remote cluster port (defaults to `9443`). For example, `cluster.es.eastus2.staging.azure.foundit.no:9443` or `192.168.1.1:9443`.
+5. Specify the {{es}} endpoint URL, or the IP address or host name of the remote cluster followed by the remote cluster port (defaults to `9443`). For example, `cluster.es.eastus2.staging.azure.foundit.no:9443` or `192.0.2.1:9443`.
 
     Starting with {{kib}} 9.2, you can also specify IPv6 addresses.
 
@@ -180,7 +180,7 @@ PUT /_cluster/settings
       "remote" : {
         "cluster_one" : {    <1>
           "seeds" : [
-            "127.0.0.1:9443" <2>
+            "<MY_REMOTE_CLUSTER_ADDRESS>:9443" <2>
           ]
         }
       }
@@ -205,7 +205,7 @@ The API response indicates that the local cluster is connected to the remote clu
 {
   "cluster_one" : {
     "seeds" : [
-      "127.0.0.1:9443"
+      "<MY_REMOTE_CLUSTER_ADDRESS>:9443"
     ],
     "connected" : true,
     "num_nodes_connected" : 1,  <1>
@@ -239,20 +239,20 @@ PUT _cluster/settings
       "remote": {
         "cluster_one": {
           "seeds": [
-            "127.0.0.1:9443"
+            "<MY_REMOTE_CLUSTER_ADDRESS>:9443"
           ]
         },
         "cluster_two": {
           "mode": "sniff",
           "seeds": [
-            "127.0.0.1:9444"
+            "<MY_SECOND_REMOTE_CLUSTER_ADDRESS>:9443"
           ],
           "transport.compress": true,
           "skip_unavailable": true
         },
         "cluster_three": {
           "mode": "proxy",
-          "proxy_address": "127.0.0.1:9445"
+          "proxy_address": "<MY_THIRD_REMOTE_CLUSTER_ADDRESS>:9443"
         }
       }
     }
@@ -322,15 +322,15 @@ In the following example, `cluster_one`, `cluster_two`, and `cluster_three` are
 cluster:
     remote:
         cluster_one:
-            seeds: 127.0.0.1:9443
+            seeds: <MY_REMOTE_CLUSTER_ADDRESS>:9443
         cluster_two:
             mode: sniff
-            seeds: 127.0.0.1:9444
+            seeds: <MY_SECOND_REMOTE_CLUSTER_ADDRESS>:9443
             transport.compress: true      <1>
             skip_unavailable: true        <2>
         cluster_three:
             mode: proxy
-            proxy_address: 127.0.0.1:9445 <3>
+            proxy_address: <MY_THIRD_REMOTE_CLUSTER_ADDRESS>:9443 <3>
 ```
 
 1. Compression is explicitly enabled for requests to `cluster_two`.

@@ -68,7 +68,7 @@ To add a remote cluster from Stack Management in {{kib}}:
 2. Select **Add a remote cluster**.
 3. Select **Certificates** as the connection type.
 4. Enter a name (*cluster alias*) for the remote cluster.
-5. Specify the {{es}} endpoint URL, or the IP address or host name of the remote cluster followed by the transport port (defaults to `9300`). For example, `cluster.es.eastus2.staging.azure.foundit.no:9300` or `192.168.1.1:9300`.
+5. Specify the {{es}} endpoint URL, or the IP address or host name of the remote cluster followed by the transport port (defaults to `9300`). For example, `cluster.es.eastus2.staging.azure.foundit.no:9300` or `192.0.2.1:9300`.
 
     Starting with {{kib}} 9.2, you can also specify IPv6 addresses.
 
@@ -86,7 +86,7 @@ PUT /_cluster/settings
       "remote" : {
         "cluster_one" : {    <1>
           "seeds" : [
-            "127.0.0.1:9300" <2>
+            "<MY_REMOTE_CLUSTER_ADDRESS>:9300" <2>
           ]
         }
       }
@@ -96,7 +96,7 @@ PUT /_cluster/settings
 ```
 
 1. The cluster alias of this remote cluster is `cluster_one`.
-2. Specifies the hostname and transport port of a seed node in the remote cluster.
+2. Specifies the hostname and transport port of at least a seed node in the remote cluster.
 
 
 You can use the [remote cluster info API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-remote-info) to verify that the local cluster is successfully connected to the remote cluster:
@@ -111,7 +111,7 @@ The API response indicates that the local cluster is connected to the remote clu
 {
   "cluster_one" : {
     "seeds" : [
-      "127.0.0.1:9300"
+      "<MY_REMOTE_CLUSTER_ADDRESS>:9300"
     ],
     "connected" : true,
     "num_nodes_connected" : 1,  <1>
@@ -143,20 +143,20 @@ PUT _cluster/settings
       "remote": {
         "cluster_one": {
           "seeds": [
-            "127.0.0.1:9300"
+            "<MY_REMOTE_CLUSTER_ADDRESS>:9300"
           ]
         },
         "cluster_two": {
           "mode": "sniff",
           "seeds": [
-            "127.0.0.1:9301"
+            "<MY_SECOND_REMOTE_CLUSTER_ADDRESS>:9300"
           ],
           "transport.compress": true,
           "skip_unavailable": true
         },
         "cluster_three": {
           "mode": "proxy",
-          "proxy_address": "127.0.0.1:9302"
+          "proxy_address": "<MY_THIRD_REMOTE_CLUSTER_ADDRESS>:9300"
         }
       }
     }
@@ -226,15 +226,15 @@ In the following example, `cluster_one`, `cluster_two`, and `cluster_three` are
 cluster:
     remote:
         cluster_one:
-            seeds: 127.0.0.1:9300
+            seeds: <MY_REMOTE_CLUSTER_ADDRESS>:9300
         cluster_two:
             mode: sniff
-            seeds: 127.0.0.1:9301
+            seeds: <MY_SECOND_REMOTE_CLUSTER_ADDRESS>:9300
             transport.compress: true      <1>
             skip_unavailable: true        <2>
         cluster_three:
             mode: proxy
-            proxy_address: 127.0.0.1:9302 <3>
+            proxy_address: <MY_THIRD_REMOTE_CLUSTER_ADDRESS>:9300 <3>
 ```
 
 1. Compression is explicitly enabled for requests to `cluster_two`.

@@ -69,7 +69,7 @@ On the remote cluster:
     3. Generate a certificate and private key pair for the nodes in the remote cluster:
 
         ```sh
-        ./bin/elasticsearch-certutil cert --out=cross-cluster.p12 --pass=CERT_PASSWORD --ca-cert=ca/ca.crt --ca-key=ca/ca.key --ca-pass=CA_PASSWORD --dns=example.com --ip=127.0.0.1
+        ./bin/elasticsearch-certutil cert --out=cross-cluster.p12 --pass=CERT_PASSWORD --ca-cert=ca/ca.crt --ca-key=ca/ca.key --ca-pass=CA_PASSWORD --dns=<CLUSTER_FQDN> --ip=192.0.2.1
         ```
 
         * Replace `CA_PASSWORD` with the CA password from the previous step.
@@ -169,7 +169,7 @@ On the local cluster:
               "remote" : {
                 "my_remote" : { <1>
                   "mode": "proxy",
-                  "proxy_address": "my.remote.cluster.com:9443" <2>
+                  "proxy_address": "<MY_REMOTE_CLUSTER_ADDRESS>:9443" <2>
                 }
               }
             }
@@ -198,7 +198,7 @@ On the local cluster:
       "my_remote": {
         "connected": true, <1>
         "mode": "proxy",
-        "proxy_address": "my.remote.cluster.com:9443",
+        "proxy_address": "<MY_REMOTE_CLUSTER_ADDRESS>:9443",
         "server_name": "",
         "num_proxy_sockets_connected": 0,
         "max_proxy_socket_connections": 18,