[DOCS] Steps for updating TLS certificates (#73781) (#75813)

elasticsearchmachine · Adam Locke · elasticmachine · web-flow · commit 8c441ecc1b28 · 2021-07-29T07:49:20.000-04:00
* [DOCS] Steps for updating TLS certificates

* Updates for changing CA

* Updates for rotating certs with a new CA

* Add instructions for generating HTTP certs with a new CA

* Add steps for creating HTTP certs with new CA

* Clarify note about cluser restart and other edits

* Clarifying scenarios

* Apply suggestions from code review

Co-authored-by: Ioannis Kakavas &lt;ikakavas@protonmail.com&gt;

* Incorporating review feedback and making necessary changes

* Clarifications and changes regarding restarts

* Remove errant --pem in basic security setup

* Incorporate suggestions from code review

Co-authored-by: Ioannis Kakavas &lt;ikakavas@protonmail.com&gt;

* Many, many updates. But good ones.

* Add languages for snippets

* Reorder steps to reference rolling restart throughout for consistency

* Add clarifying what's next steps

* Add instructions for updating Kibana certificate

* Apply suggestions from Ioannis' stellar code review

Co-authored-by: Ioannis Kakavas &lt;ikakavas@protonmail.com&gt;

* Update instructions to use a single keystore, plus other review changes

* Incorporating another round of review comments

* Minor updates from reviewer feedback

* Clarifying examples and fixing numbering

* Skip tests that are creating unnecessary noise

* Quieting other tests

Co-authored-by: Elastic Machine &lt;elasticmachine@users.noreply.github.com&gt;
Co-authored-by: Ioannis Kakavas &lt;ikakavas@protonmail.com&gt;

Co-authored-by: Adam Locke &lt;adam.locke@elastic.co&gt;
Co-authored-by: Elastic Machine &lt;elasticmachine@users.noreply.github.com&gt;
Co-authored-by: Ioannis Kakavas &lt;ikakavas@protonmail.com&gt;
diff --git a/x-pack/docs/en/security/index.asciidoc b/x-pack/docs/en/security/index.asciidoc
@@ -92,6 +92,8 @@ See <<enable-audit-logging,Enable audit logging>>.
 
 include::configuring-stack-security.asciidoc[]
 
+include::securing-communications/update-tls-certificates.asciidoc[]
+
 include::authentication/overview.asciidoc[]
 
 include::authorization/overview.asciidoc[]
diff --git a/x-pack/docs/en/security/securing-communications/security-basic-setup.asciidoc b/x-pack/docs/en/security/securing-communications/security-basic-setup.asciidoc
@@ -91,16 +91,17 @@ generate a CA for your cluster.
 ----
 ./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
 ----
++
+   `--ca <ca_file>`:: Name of the CA file used to sign your certificates. The
+   default file name from the `elasticsearch-certutil` tool is `elastic-stack-ca.p12`.
++
 
    a. Enter the password for your CA, or press *Enter* if you did not configure one in the previous step.
 
    b. Create a password for the certificate and accept the default file name.
 +
 The output file is a keystore named `elastic-certificates.p12`. This file
 contains a node certificate, node key, and CA certificate.
-+
-   `--ca <ca_file>`:: Name of the CA file used to sign your certificates. The
-   default file name from the `elasticsearch-certutil` tool is `elastic-stack-ca.p12`.
 
 . Copy the `elastic-certificates.p12` file to the `ES_PATH_CONF`
    directory on every node in your cluster.
diff --git a/x-pack/docs/en/security/securing-communications/update-tls-certificates.asciidoc b/x-pack/docs/en/security/securing-communications/update-tls-certificates.asciidoc
