ECE or ECH remote clusters to self-managed incorrect step

[eedugon]

Step 8 of the TLS-certificate method in the following 2 docs is incorrect:

https://www.elastic.co/docs/deploy-manage/remote-clusters/ece-remote-cluster-self-managed
https://www.elastic.co/docs/deploy-manage/remote-clusters/ec-remote-cluster-self-managed

The step looks like:

The place where the step is placed is wrong.

That's an optional step that should only be executed before the step 3, only in case the user needs or wants to generate new TLS certificates for the self-managed cluster, but we should assume these certificates already exist.

The dns and ip settings are optional, but cn is mandatory for use with the trust_restrictions path setting in the next step.

The relation of Step 8 is with steps 3 and 4, not with step 9:

• Step 4 is the trust configuration at cloud level (ECH or ECE)
• Step 8 (should be optional) is the creation of certificates in the self-managed cluster, which would affect step 4, but not 9.
• Step 9 is the trust configuration at self-managed level, which should NOT be related with the self-managed cert, but with the cloud cert.

In short: Step 8 needs to be moved or integrated somehow with Steps 3 and 4, explaining where it might be necessary to generate certificates in the self-managed cluster.

Anyway hopefully nobody will try to configure this legacy and deprecated method anyway.

Action

added by (@georgewallace)

• Update steps to move step 8 before step 3
• Mark it as optional