From 2bc0d8698d60624f9b3ce4af655b6e00084c2671 Mon Sep 17 00:00:00 2001 From: Lisa Cawley Date: Thu, 2 Nov 2017 08:13:30 -0700 Subject: [PATCH] [DOCS] Add SSL info to setup-passwords (elastic/x-pack-elasticsearch#2734) * [DOCS] Add SSL info to setup-passwords * [DOCS] Addressed feedback in setup-passwords * [DOCS] Added link to setup-passwords troubleshooting page Original commit: elastic/x-pack-elasticsearch@2bf820c303b2d04b5674cfb06b33b467c884eda2 --- docs/en/commands/setup-passwords.asciidoc | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/docs/en/commands/setup-passwords.asciidoc b/docs/en/commands/setup-passwords.asciidoc index 5a3fd6472cf..01cf55ad786 100644 --- a/docs/en/commands/setup-passwords.asciidoc +++ b/docs/en/commands/setup-passwords.asciidoc @@ -26,6 +26,17 @@ user, the bootstrap password is no longer active and you cannot use this command Instead, you can change passwords by using the *Management > Users* UI in {kib} or the <>. +This command uses an HTTP connection to connect to the cluster and run the user +management requests. If your cluster uses TLS/SSL on the HTTP layer, the command +automatically attempts to establish the connection by using the HTTPS protocol. +It configures the connection by using the `xpack.security.http.ssl` settings in +the `elasticsearch.yml` file. If you do not use the default config directory +location, ensure that the *ES_PATH_CONF* environment variable returns the +correct path before you run the `setup-passwords` command. You can override +settings in your `elasticsearch.yml` file by using the `-E` command option. +For more information about debugging connection failures, see +{xpack-ref}/trb-security-setup.html[Setup-passwords command fails due to connection failure]. + [float] === Parameters @@ -44,7 +55,8 @@ user. `-u, --url ""`:: Specifies the URL that the tool uses to submit the user management API requests. The default value is determined from the settings in your -`elasticsearch.yml` file. +`elasticsearch.yml` file. If `xpack.security.http.ssl.enabled` is set to `true`, +you must specify an HTTPS URL. `-v, --verbose`:: Shows verbose output.