Porting over docker certificate security stuff

docs/opensearch/install/docker-security.md

@@ -12,7 +12,7 @@ Before deploying to a production environment, you should replace the demo securi
 
 Additionally, you can set the Docker environment variable `DISABLE_INSTALL_DEMO_CONFIG` to `true`. This change completely disables the demo installer.
 
-#### Sample Docker Compose file
+## Sample Docker Compose file
 
 ```yml
 version: '3'
@@ -142,3 +142,38 @@ If you encounter any `File /usr/share/opensearch/config/opensearch.yml has insec
 {: .note }
 
 Finally, you can reach OpenSearch Dashboards at http://localhost:5601, sign in, and use the **Security** panel to perform other management tasks.
+
+## Using certificates with Docker
+
+To use your own certificates in your configuration, add all of the necessary certificates to the volumes section of the Docker Compose file:
+
+```yml
+volumes:
+- ./root-ca.pem:/full/path/to/certificate.pem
+- ./admin.pem:/full/path/to/certificate.pem
+- ./admin-key.pem:/full/path/to/certificate.pem
+#Add other certificates
+```
+
+After replacing the demo certificates with your own, you must also include a custom `opensearch.yml` in your setup, which you need to specify in the volumes section.
+
+```yml
+volumes:
+#Add certificates here
+- ./custom-opensearch.yml: /full/path/to/custom-opensearch.yml
+```
+
+Remember that the certificates you specify in your Docker Compose file must be the same as the certificates listed in your custom `opensearch.yml` file. At a minimum, you should replace the root, admin, and node certificates with your own. For more information about adding and using certificates, see [Configure TLS certificates](../security/configuration/tls.md).
+
+```yml
+opensearch_security.ssl.transport.pemcert_filepath: new-node-cert.pem
+opensearch_security.ssl.transport.pemkey_filepath: new-node-cert-key.pem
+opensearch_security.ssl.transport.pemtrustedcas_filepath: new-root-ca.pem
+opensearch_security.ssl.http.pemcert_filepath: new-node-cert.pem
+opensearch_security.ssl.http.pemkey_filepath: new-node-cert-key.pem
+opensearch_security.ssl.http.pemtrustedcas_filepath: new-root-ca.pem
+opensearch_security.authcz.admin_dn:
+  - CN=admin,OU=SSL,O=Test,L=Test,C=DE
+```
+
+To start the cluster, run `docker-compose up` as usual.

docs/opensearch/install/docker.md

@@ -185,7 +185,7 @@ services:
       - ./custom-opensearch_dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml
 ```
 
-You can use this same method to [pass your own certificates](../docker-security/) to the containers for use with the [Security](../../../security/configuration/) plugin.
+You can also configure `docker-compose.yml` and `opensearch.yml` [to take your own certificates](../docker-security/) for use with the [Security](../../security/configuration/) plugin.
 
 
 ### (Optional) Set up Performance Analyzer

docs/security/configuration/client-auth.md

@@ -105,3 +105,7 @@ output.opensearch:
   ssl.certificate: "/full/path/to/client-cert.pem"
   ssl.key: "/full/path/to/to/client-cert-key.pem"
 ```
+
+## Using certificates with Docker
+
+While we recommend using the [tarball](../../../install/tar) installation of ODFE to test client certificate authentication configurations, you can also use any of the other install types. For instructions on using Docker, for example, see [Docker security configuration](../../../install/docker-security).

docs/security/configuration/generate-certificates.md

@@ -170,7 +170,7 @@ This process generates many files, but these are the ones you need to add to you
 - (Optional) `each-node-cert.pem`
 - (Optional) `each-node-key.pem`
 
-For information about adding and configuring these certificates, see [Docker security configuration](../../../install/docker-security/) and [Configure TLS certificates](../tls/).
+For information about adding and using these certificates in your own setup, see [Docker security configuration](../../../install/docker-security/) and [Configure TLS certificates](../tls/).
 
 
 ## Run securityadmin.sh