Add mTLS flags to 'Configure SSL/TLS' docs #1099

Merged
merged 1 commit into from
Jun 21, 2024
21 changes: 20 additions & 1 deletion docs/en/ingest-management/security/certificates.asciidoc
Expand Up @@ -216,11 +216,17 @@ sudo ./elastic-agent install \
--url=https://192.0.2.1:8220 \
--fleet-server-es=https://192.0.2.0:9200 \
--fleet-server-service-token=AAEBAWVsYXm0aWMvZmxlZXQtc2XydmVyL3Rva2VuLTE2MjM4OTAztDU1OTQ6dllfVW1mYnFTVjJwTC2ZQ0EtVnVZQQ \
--fleet-server-policy=fleet-server-policy \
--fleet-server-es-ca=/path/to/elasticsearch-ca.crt \
--certificate-authorities=/path/to/ca.crt \
--fleet-server-cert=/path/to/fleet-server.crt \
--fleet-server-cert-key=/path/to/fleet-server.key \
--fleet-server-port=8220
--fleet-server-port=8220 \
--elastic-agent-cert=/tmp/fleet-server.crt \
--elastic-agent-cert-key=/tmp/fleet-server.key \
--fleet-server-es-cert=/tmp/fleet-server.crt \
--fleet-server-es-cert-key=/tmp/fleet-server.key \
--fleet-server-client-auth=required
----

Where:
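Review bot: the five new flags point at `/tmp/fleet-server.crt` and `/tmp/fleet-server.key` while the existing flags in the same command use `/path/to/...` placeholders (`--fleet-server-cert=/path/to/fleet-server.crt`), so the example should use one placeholder style throughout; `/tmp` is also a poor choice for a documented private-key location, because readers copy these paths literally and a shared temp directory is not where key material belongs. The same certificate and key are reused here in three roles (the agent's client cert, Fleet Server's client cert towards {es}, and Fleet Server's own listener cert); either give them distinct placeholder names such as `/path/to/agent-client.crt` and `/path/to/fleet-server-es-client.crt`, or add a sentence saying that a single certificate is used for all three on purpose, otherwise the reader cannot tell whether that reuse is required or incidental.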
Expand All @@ -231,6 +237,8 @@ Where:
{es} URL
`fleet-server-service-token`::
Service token to use to communicate with {es}.
`fleet-server-policy`::
The specific policy that {fleet-server} will use.
`fleet-server-es-ca`::
CA certificate that the current {fleet-server} uses to connect to {es}.
`certificate-authorities`::
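Review bot: `The specific policy that {fleet-server} will use.` is thinner than the neighbouring entries; say what kind of value is expected (the example passes `fleet-server-policy`, an identifier rather than a file path) so the reader knows what to substitute, for instance `ID of the policy that this {fleet-server} will use.`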
Expand All @@ -244,6 +252,17 @@ to the other {agents}
Private key to use to expose this {fleet-server} HTTPS endpoint
to the other {agents}

`elastic-agent-cert`::
The certificate to use as the client certificate for {agent}'s connections to {fleet-server}.
`elastic-agent-cert-key`::
The path to the private key to use as for {agent}'s connections to {fleet-server}.
`fleet-server-es-cert`::
The path to the client certificate that {fleet-server} will use when connecting to {es}.
`fleet-server-es-cert-key`::
The path to the private key that {fleet-server} will use when connecting to {es}.
`fleet-server-client-auth`::
One of `none`, `optional`, or `required`. Defaults to `none`. {fleet-server}'s client_authentication option for client mTLS connections. If `optional` or `required` is specified, client certificates are verified using CAs specified in the `--certificate-authorities` flag.
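Review bot: the `elastic-agent-cert-key` entry reads `The path to the private key to use as for {agent}'s connections`, which should be `The path to the private key to use for {agent}'s connections to {fleet-server}.`; and `elastic-agent-cert` says `The certificate` where its three siblings say `The path to the ...`, so `The path to the certificate to use as the client certificate for {agent}'s connections to {fleet-server}.` keeps the list consistent. In the `fleet-server-client-auth` entry it is worth stating the consequence of `required` explicitly: a connecting {agent} that does not present a client certificate chaining to one of the `--certificate-authorities` CAs is rejected, so once this is set the `--elastic-agent-cert` and `--elastic-agent-cert-key` pair is mandatory for every agent, not just the one running {fleet-server}.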
Contributor


Consider front-loading the description

Suggested change
One of `none`, `optional`, or `required`. Defaults to `none`. {fleet-server}'s client_authentication option for client mTLS connections. If `optional` or `required` is specified, client certificates are verified using CAs specified in the `--certificate-authorities` flag.
{fleet-server}'s client_authentication option for client mTLS connections. Accepted values: one of `none`, `optional`, or `required`. Defaults to `none`. If `optional` or `required` is specified, client certificates are verified using CAs specified in the `--certificate-authorities` flag.

Contributor Author


Sorry @shainaraskas! I pulled the trigger too early and didn't notice this.


Note that additionally an optional passphrase for the private key may be specified with:

`fleet-server-cert-key-passphrase`::