From b1b1454400dd1b05658dde59e51881a574a38a79 Mon Sep 17 00:00:00 2001
From: lcawl
Date: Tue, 22 Oct 2024 19:22:57 -0700
Subject: [PATCH 1/2] [OpenAPI] Edit SSL certificate API
---
 .../elasticsearch-shared-overlays.yaml | 2 --
 .../ssl/certificates/GetCertificatesRequest.ts | 18 ++++++++++++++++++
 2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/docs/overlays/elasticsearch-shared-overlays.yaml b/docs/overlays/elasticsearch-shared-overlays.yaml
index 6150292046..46b8894b5e 100644
--- a/docs/overlays/elasticsearch-shared-overlays.yaml
+++ b/docs/overlays/elasticsearch-shared-overlays.yaml
@@ -193,8 +193,6 @@ actions:
 x-displayName: Searchable snapshots
 - name: security
 x-displayName: Security
- - name: ssl
- x-displayName: Security - SSL
 - name: snapshot
 x-displayName: Snapshot and restore
 description: >
diff --git a/specification/ssl/certificates/GetCertificatesRequest.ts b/specification/ssl/certificates/GetCertificatesRequest.ts
index 68d1cfd311..f3bf4898c7 100644
--- a/specification/ssl/certificates/GetCertificatesRequest.ts
+++ b/specification/ssl/certificates/GetCertificatesRequest.ts
@@ -20,8 +20,26 @@
 import { RequestBase } from '@_types/Base'

 /**
+ * Get SSL certificates.
+ *
+ * Get information about the X.509 certificates that are used to encrypt communications in the cluster.
+ * The API returns a list that includes certificates from all TLS contexts including:
+ *
+ * - Settings for transport and HTTP interfaces
+ * - TLS settings that are used within authentication realms
+ * - TLS settings for remote monitoring exporters
+ *
+ * The list includes certificates that are used for configuring trust, such as those configured in the `xpack.security.transport.ssl.truststore` and `xpack.security.transport.ssl.certificate_authorities` settings.
+ * It also includes certificates that are used for configuring server identity, such as `xpack.security.http.ssl.keystore` and `xpack.security.http.ssl.certificate settings`.
+ *
+ * The list does not include certificates that are sourced from the default SSL context of the Java Runtime Environment (JRE), even if those certificates are in use within Elasticsearch.
+ *
+ * NOTE: When a PKCS#11 token is configured as the truststore of the JRE, the API returns all the certificates that are included in the PKCS#11 token irrespective of whether these are used in the Elasticsearch TLS configuration.
+ *
+ * If Elasticsearch is configured to use a keystore or truststore, the API output includes all certificates in that store, even though some of the certificates might not be in active use within the cluster.
 * @rest_spec_name ssl.certificates
 * @availability stack since=6.2.0 stability=stable
 * @availability serverless stability=stable visibility=private
+ * @doc_tag security
 */
 export interface Request extends RequestBase {}
From 564824ec6a9d3de9d4cb8e02ba65f54f653e6a51 Mon Sep 17 00:00:00 2001
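Review bot: The closing backtick in the added "It also includes certificates that are used for configuring server identity" sentence is misplaced: the code span reads `xpack.security.http.ssl.certificate settings`, so the rendered docs show a setting name that does not exist, and it should be `xpack.security.http.ssl.certificate` followed by the plain word "settings". The same string is copied into the generated descriptions in output/openapi/elasticsearch-openapi.json and output/schema/schema.json by patch 2/2, so the output needs regenerating after the fix. Because the description states that the response covers every certificate in a configured keystore or truststore, including ones not in active use, it would also help readers to see the privilege needed to call the endpoint; the reference documentation appears to require the `monitor` cluster privilege, so if that is confirmed a `@cluster_privileges monitor` tag next to `@doc_tag security` would record it.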
From: lcawl
Date: Tue, 22 Oct 2024 19:26:09 -0700
Subject: [PATCH 2/2] Generate output
---
 output/openapi/elasticsearch-openapi.json | 5 +++--
 output/schema/schema.json | 7 ++++---
 2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/output/openapi/elasticsearch-openapi.json b/output/openapi/elasticsearch-openapi.json
index be06e8e079..e577535395 100644
--- a/output/openapi/elasticsearch-openapi.json
+++ b/output/openapi/elasticsearch-openapi.json
@@ -32086,9 +32086,10 @@ "/_ssl/certificates": { "get": { "tags": [ - "ssl" + "security" ], - "summary": "Retrieves information about the X.509 certificates used to encrypt communications in the cluster", + "summary": "Get SSL certificates", + "description": "Get information about the X.509 certificates that are used to encrypt communications in the cluster.\nThe API returns a list that includes certificates from all TLS contexts including:\n\n- Settings for transport and HTTP interfaces\n- TLS settings that are used within authentication realms\n- TLS settings for remote monitoring exporters\n\nThe list includes certificates that are used for configuring trust, such as those configured in the `xpack.security.transport.ssl.truststore` and `xpack.security.transport.ssl.certificate_authorities` settings.\nIt also includes certificates that are used for configuring server identity, such as `xpack.security.http.ssl.keystore` and `xpack.security.http.ssl.certificate settings`.\n\nThe list does not include certificates that are sourced from the default SSL context of the Java Runtime Environment (JRE), even if those certificates are in use within Elasticsearch.\n\nNOTE: When a PKCS#11 token is configured as the truststore of the JRE, the API returns all the certificates that are included in the PKCS#11 token irrespective of whether these are used in the Elasticsearch TLS configuration.\n\nIf Elasticsearch is configured to use a keystore or truststore, the API output includes all certificates in that store, even though some of the certificates might not be in active use within the cluster.", "operationId": "ssl-certificates", "responses": { "200": { diff --git a/output/schema/schema.json b/output/schema/schema.json index 09518e42d5..78c8a26e0a 100644 --- a/output/schema/schema.json +++ b/output/schema/schema.json 
@@ -18536,7 +18536,8 @@ "stability": "stable" } }, - "description": "Retrieves information about the X.509 certificates used to encrypt communications in the cluster.", + "description": "Get SSL certificates.\n\nGet information about the X.509 certificates that are used to encrypt communications in the cluster.\nThe API returns a list that includes certificates from all TLS contexts including:\n\n- Settings for transport and HTTP interfaces\n- TLS settings that are used within authentication realms\n- TLS settings for remote monitoring exporters\n\nThe list includes certificates that are used for configuring trust, such as those configured in the `xpack.security.transport.ssl.truststore` and `xpack.security.transport.ssl.certificate_authorities` settings.\nIt also includes certificates that are used for configuring server identity, such as `xpack.security.http.ssl.keystore` and `xpack.security.http.ssl.certificate settings`.\n\nThe list does not include certificates that are sourced from the default SSL context of the Java Runtime Environment (JRE), even if those certificates are in use within Elasticsearch.\n\nNOTE: When a PKCS#11 token is configured as the truststore of the JRE, the API returns all the certificates that are included in the PKCS#11 token irrespective of whether these are used in the Elasticsearch TLS configuration.\n\nIf Elasticsearch is configured to use a keystore or truststore, the API output includes all certificates in that store, even though some of the certificates might not be in active use within the cluster.", + "docTag": "security", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-ssl.html", "name": "ssl.certificates", "request": { 
@@ -203477,7 +203478,7 @@ "body": { "kind": "no_body" }, - "description": "Retrieves information about the X.509 certificates used to encrypt communications in the cluster.", + "description": "Get SSL certificates.\n\nGet information about the X.509 certificates that are used to encrypt communications in the cluster.\nThe API returns a list that includes certificates from all TLS contexts including:\n\n- Settings for transport and HTTP interfaces\n- TLS settings that are used within authentication realms\n- TLS settings for remote monitoring exporters\n\nThe list includes certificates that are used for configuring trust, such as those configured in the `xpack.security.transport.ssl.truststore` and `xpack.security.transport.ssl.certificate_authorities` settings.\nIt also includes certificates that are used for configuring server identity, such as `xpack.security.http.ssl.keystore` and `xpack.security.http.ssl.certificate settings`.\n\nThe list does not include certificates that are sourced from the default SSL context of the Java Runtime Environment (JRE), even if those certificates are in use within Elasticsearch.\n\nNOTE: When a PKCS#11 token is configured as the truststore of the JRE, the API returns all the certificates that are included in the PKCS#11 token irrespective of whether these are used in the Elasticsearch TLS configuration.\n\nIf Elasticsearch is configured to use a keystore or truststore, the API output includes all certificates in that store, even though some of the certificates might not be in active use within the cluster.", "inherits": { "type": { "name": "RequestBase", @@ -203490,7 +203491,7 @@ }, "path": [], "query": [], - "specLocation": "ssl/certificates/GetCertificatesRequest.ts#L22-L27" + "specLocation": "ssl/certificates/GetCertificatesRequest.ts#L22-L45" }, { "kind": "response",