[DOCS] Minor updates to TLS/SSL docs (elastic/x-pack-elasticsearch#2069)

- Fix typo `trustsore` -> `truststore` in several places - Clarify that enabling TLS requires full restart Original commit: elastic/x-pack-elasticsearch@0f430a1bea
2025-02-23 05:15:04 +00:00 · 2017-07-25 13:03:07 +10:00 · 2017-07-25 13:03:07 +10:00 · 15f5c5a632
commit 15f5c5a632
parent 6a7e51d9c0
4 changed files with 11 additions and 6 deletions
--- a/docs/en/security/authentication/active-directory-realm.asciidoc
+++ b/docs/en/security/authentication/active-directory-realm.asciidoc
@ -302,14 +302,14 @@ operation are supported: failover and load balancing
 | `ssl.certificate`          | no       | Specifies the path to the PEM encoded certificate (or certificate chain) that goes with the key
                                          if the Active Directory server requires client authentication.
 | `ssl.certificate_authorities`| no     | Specifies the paths to the PEM encoded certificate authority certificates that
-                                          should be trusted. `ssl.certificate_authorities` and `ssl.trustsore.path` may not be used at
+                                          should be trusted. `ssl.certificate_authorities` and `ssl.truststore.path` may not be used at
                                          the same time.
 | `ssl.keystore.path`        | no       | The path to the Java Keystore file that contains a private key and certificate. `ssl.key` and
                                          `ssl.keystore.path` may not be used at the same time.
 | `ssl.keystore.password`    | no       | The password to the keystore.
 | `ssl.keystore.key_password`| no       | The password for the key in the keystore. Defaults to the keystore password.
 | `ssl.truststore.path`      | no       | The path to the Java Keystore file that contains the certificates to trust.
-                                          `ssl.certificate_authorities` and `ssl.trustsore.path` may not be used at the same time.
+                                          `ssl.certificate_authorities` and `ssl.truststore.path` may not be used at the same time.
 | `ssl.truststore.password`  | no       | The password to the truststore.
 | `ssl.verification_mode`    | no       | Specifies the type of verification to be performed when
                                          connecting to an Active Directory server using `ldaps`. When
--- a/docs/en/security/authentication/ldap-realm.asciidoc
+++ b/docs/en/security/authentication/ldap-realm.asciidoc
@ -239,14 +239,14 @@ failover and load balancing modes of operation.
 | `ssl.certificate`              | no       | Specifies the path to the PEM encoded certificate (or certificate chain) that goes with the
                                              key if the LDAP server requires client authentication.
 | `ssl.certificate_authorities`  | no       | Specifies the paths to the PEM encoded certificate authority certificates that
-                                              should be trusted. `ssl.certificate_authorities` and `ssl.trustsore.path` may not be used
+                                              should be trusted. `ssl.certificate_authorities` and `ssl.truststore.path` may not be used
                                              at the same time.
 | `ssl.keystore.path`            | no       | The path to the Java Keystore file that contains a private key and certificate. `ssl.key` and
                                              `ssl.keystore.path` may not be used at the same time.
 | `ssl.keystore.password`        | no       | The password to the keystore.
 | `ssl.keystore.key_password`    | no       | The password for the key in the keystore. Defaults to the keystore password.
 | `ssl.truststore.path`          | no       | The path to the Java Keystore file that contains the certificates to trust.
-                                              `ssl.certificate_authorities` and `ssl.trustsore.path` may not be used at the same time.
+                                              `ssl.certificate_authorities` and `ssl.truststore.path` may not be used at the same time.
 | `ssl.truststore.password`      | no       | The password to the truststore.
 | `ssl.verification_mode`        | no       | Specifies the type of verification to be performed when
                                              connecting to a LDAP server using `ldaps`. When
--- a/docs/en/security/securing-communications/setting-up-ssl.asciidoc
+++ b/docs/en/security/securing-communications/setting-up-ssl.asciidoc
@ -304,6 +304,11 @@ xpack.security.http.ssl.enabled: true
 +

 . Restart Elasticsearch.
+
+You must perform a full cluster restart. Nodes which are configured to use
+SSL/TLS cannot communicate with nodes that are using unencrypted networking
+(and vice-versa). After enabling SSL/TLS you must restart all nodes in order
+to maintain communication across the cluster.

 NOTE: All SSL related node settings that are considered to be highly sensitive
      and therefore are not exposed via the
--- a/docs/en/settings/security-settings.asciidoc
+++ b/docs/en/settings/security-settings.asciidoc
@ -306,7 +306,7 @@ The password for the key in the keystore. Defaults to the keystore password.

 `ssl.truststore.path`::
 The path to the Java Keystore file that contains the certificates to trust.
-`ssl.certificate_authorities` and `ssl.trustsore.path` may not be used at the same time.
+`ssl.certificate_authorities` and `ssl.truststore.path` may not be used at the same time.

 `ssl.truststore.password`::
 The password to the truststore.
@ -546,7 +546,7 @@ This setting may not be used with `certificate_authorities`.
 The password for the truststore. Must be provided if `truststore.path` is set.

 `truststore.algorithm`::
-Algorithm for the trustsore. Defaults to `SunX509`.
+Algorithm for the truststore. Defaults to `SunX509`.

 `files.role_mapping`::
 Specifies the {xpack-ref}/security-files.html[location] of the