[DOCS] Clarifying TLS steps #65326

Merged


lockewritesdocs
Contributor

Provides clarity around which certificates to copy into configuration directories when configuring TLS.

Closes #65245

@lockewritesdocs lockewritesdocs added >docs General docs changes :Security/TLS SSL/TLS, Certificates labels Nov 20, 2020
@lockewritesdocs lockewritesdocs self-assigned this Nov 20, 2020
@elasticmachine elasticmachine added Team:Docs Meta label for docs team Team:Security Meta label for security team labels Nov 20, 2020
@elasticmachine
Collaborator

Pinging @elastic/es-docs (Team:Docs)

@elasticmachine
Collaborator

Pinging @elastic/es-security (Team:Security)

Comment on lines 100 to 101
Answer `y` if you want to sign your own certificates, or `n` if you want to
sign certificates with a central CA.
Contributor

I'm not sure that this terminology would clarify which choice to make - that is, "sign your own certificates" isn't particularly clear, and could mean "I want to do it as part of this process" (which would actually mean you should pick n) or "I handle it myself by sending it to someone in my organisation" (which is y).

I would go with something more like this:

Suggested change
Answer `y` if you want to sign your own certificates, or `n` if you want to
sign certificates with a central CA.
Answer `y` if you need to have your certificates signed by someone else
(such as an internal security team, or a commercial certificate authority),
or `n` if you want to sign certificates with a CA that you have direct access to.
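
Review bot: the last three lines map `y` to certificates "signed by someone else", while the two lines they replace map `y` to "sign your own certificates", so the meaning of each answer changes and not only its wording. Naming the prompt this sentence answers, next to the y/n guidance, would let a reader check the mapping against the prompt itself.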

It feels a bit wordy though, and "direct access" might not be clear enough.

Contributor Author

@lockewritesdocs lockewritesdocs Nov 23, 2020

@tvernum, I like the distinction that you incorporated. I think we can break these ideas into separate sentences:

Answer y if a trusted authority, such as an internal security team or a commercial certificate authority, will sign your certificates. Answer n if you have access to a trusted CA and will sign your own certificates.

Co-authored-by: Tim Vernum <tim@adjective.org>
@lockewritesdocs
Contributor Author

@elasticmachine test this please

@lockewritesdocs
Contributor Author

@elasticmachine update branch

@lockewritesdocs lockewritesdocs merged commit ce30ac1 into elastic:master Dec 18, 2020
@lockewritesdocs lockewritesdocs deleted the docs__tls-security-updates branch December 18, 2020 17:09
lockewritesdocs pushed a commit to lockewritesdocs/elasticsearch that referenced this pull request Dec 18, 2020
* [DOCS] Clarifying TLS steps

* Fix file name

* Clarifying note based on reviewer feedback
lockewritesdocs pushed a commit that referenced this pull request Dec 18, 2020
* [DOCS] Clarifying TLS steps

* Fix file name

* Clarifying note based on reviewer feedback
Successfully merging this pull request may close these issues.

Confusing steps in internode TLS setup docs