elastic · lockewritesdocs · Jul 29, 2021 · Jul 28, 2021
diff --git a/x-pack/docs/en/security/index.asciidoc b/x-pack/docs/en/security/index.asciidoc
@@ -92,6 +92,8 @@ See <<enable-audit-logging,Enable audit logging>>.
 
 include::configuring-stack-security.asciidoc[]
 
+include::securing-communications/update-tls-certificates.asciidoc[]
+
 include::authentication/overview.asciidoc[]
 
 include::authorization/overview.asciidoc[]

diff --git a/x-pack/docs/en/security/securing-communications/security-basic-setup.asciidoc b/x-pack/docs/en/security/securing-communications/security-basic-setup.asciidoc
@@ -91,16 +91,17 @@ generate a CA for your cluster.
 ----
 ./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
 ----
++
+   `--ca <ca_file>`:: Name of the CA file used to sign your certificates. The
+   default file name from the `elasticsearch-certutil` tool is `elastic-stack-ca.p12`.
++
 
    a. Enter the password for your CA, or press *Enter* if you did not configure one in the previous step.
 
    b. Create a password for the certificate and accept the default file name.
 +
 The output file is a keystore named `elastic-certificates.p12`. This file
 contains a node certificate, node key, and CA certificate.
-+
-   `--ca <ca_file>`:: Name of the CA file used to sign your certificates. The
-   default file name from the `elasticsearch-certutil` tool is `elastic-stack-ca.p12`.
 
 . Copy the `elastic-certificates.p12` file to the `ES_PATH_CONF`
    directory on every node in your cluster.