From dbeb91a7f2c1c333b9355aa8e7ccfeb8a17746e1 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Thu, 27 Jul 2023 11:47:43 -0500 Subject: [PATCH 1/3] Update bring your own certificate documentation to note about using intermediary CAs. Signed-off-by: Michael Montgomery --- .../accessing-elastic-services.asciidoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/orchestrating-elastic-stack-applications/accessing-elastic-services.asciidoc b/docs/orchestrating-elastic-stack-applications/accessing-elastic-services.asciidoc index e5b9f89788..c462fae258 100644 --- a/docs/orchestrating-elastic-stack-applications/accessing-elastic-services.asciidoc +++ b/docs/orchestrating-elastic-stack-applications/accessing-elastic-services.asciidoc @@ -148,6 +148,8 @@ spec: You can bring your own certificate to configure TLS to ensure that communication between HTTP clients and the Elastic Stack application is encrypted. +WARNING: If your `tls.crt` is signed by an intermediate CA you will need both the Root CA, and the intermediate CA combined within the `ca.crt` file. + Create a Kubernetes secret with: - `ca.crt`: CA certificate (optional if `tls.crt` was issued by a well-known CA). From 5e02b44ef7a1305e70d48eb2c30ac4592b586380 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Thu, 27 Jul 2023 12:00:40 -0500 Subject: [PATCH 2/3] Update wording. Signed-off-by: Michael Montgomery --- .../accessing-elastic-services.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/orchestrating-elastic-stack-applications/accessing-elastic-services.asciidoc b/docs/orchestrating-elastic-stack-applications/accessing-elastic-services.asciidoc index c462fae258..636197e122 100644 --- a/docs/orchestrating-elastic-stack-applications/accessing-elastic-services.asciidoc +++ b/docs/orchestrating-elastic-stack-applications/accessing-elastic-services.asciidoc 
@@ -148,7 +148,7 @@ spec: You can bring your own certificate to configure TLS to ensure that communication between HTTP clients and the Elastic Stack application is encrypted. -WARNING: If your `tls.crt` is signed by an intermediate CA you will need both the Root CA, and the intermediate CA combined within the `ca.crt` file. +WARNING: If your `tls.crt` is signed by an intermediate CA you may need both the Root CA and the intermediate CA combined within the `ca.crt` file depending on whether the Root CA is globally trusted. Create a Kubernetes secret with: From 49379c124dff158612b994e7f27dc73baba086f1 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Wed, 2 Aug 2023 08:42:18 -0500 Subject: [PATCH 3/3] Move warning after creation of secret. Signed-off-by: Michael Montgomery --- .../accessing-elastic-services.asciidoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/orchestrating-elastic-stack-applications/accessing-elastic-services.asciidoc b/docs/orchestrating-elastic-stack-applications/accessing-elastic-services.asciidoc index 636197e122..9edf25a931 100644 --- a/docs/orchestrating-elastic-stack-applications/accessing-elastic-services.asciidoc +++ b/docs/orchestrating-elastic-stack-applications/accessing-elastic-services.asciidoc 
@@ -148,14 +148,14 @@ spec: You can bring your own certificate to configure TLS to ensure that communication between HTTP clients and the Elastic Stack application is encrypted. -WARNING: If your `tls.crt` is signed by an intermediate CA you may need both the Root CA and the intermediate CA combined within the `ca.crt` file depending on whether the Root CA is globally trusted. - Create a Kubernetes secret with: - `ca.crt`: CA certificate (optional if `tls.crt` was issued by a well-known CA). - `tls.crt`: The certificate. - `tls.key`: The private key to the first certificate in the certificate chain. +WARNING: If your `tls.crt` is signed by an intermediate CA you may need both the Root CA and the intermediate CA combined within the `ca.crt` file depending on whether the Root CA is globally trusted. + [source,sh] ---- kubectl create secret generic my-cert --from-file=ca.crt --from-file=tls.crt --from-file=tls.key
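
Review bot: In the [PATCH 1/3] hunk, the added WARNING line says "you will need both the Root CA, and the intermediate CA" unconditionally, while the context line right after it calls `ca.crt` "optional if `tls.crt` was issued by a well-known CA", so the two statements contradict each other at this commit. 2/3 only rewrites this line and 3/3 only moves it, so I would squash the series into one commit so that the interim wording never lands in history. The subject also says "intermediary CAs" where the text says "intermediate CA"; use "intermediate" in both.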
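
Review bot: The reworded WARNING in the [PATCH 2/3] hunk does not tell the reader which case needs the combined file: "you may need both ... depending on whether the Root CA is globally trusted" leaves the condition to be inferred. Please state it explicitly (which situation requires the root and the intermediate together in `ca.crt`, and which does not), and say in what order the two PEM certificates should be concatenated. The term "globally trusted" also differs from "well-known CA" in the `ca.crt` list item visible in the other two hunks; pick one term so readers do not take them for two different conditions.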
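
Review bot: In the [PATCH 3/3] hunk the WARNING ends up between the bullet list and the `[source,sh]` block, so it sits before the `kubectl create secret generic my-cert ...` command, not after it as the subject "Move warning after creation of secret" says, and it separates "Create a Kubernetes secret with:" from the command that does so. Either move it below the closing `----` of the command block or reword the subject to say it follows the list of secret keys. Separately, the `tls.key` item refers to "the first certificate in the certificate chain", which implies `tls.crt` can itself hold a chain; the warning should say whether the intermediate CA belongs in `tls.crt`, in `ca.crt`, or in both, because the visible text currently allows all three readings.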