[Doc] Improve doc for certutil parameter applicability (elastic#91124) (elastic#91145)

ywangd · web-flow · commit e5dae5b8f501 · 2022-10-26T18:52:46.000-04:00
The http command does not take most of the parameters. This PR ensures
it is consistently documented for all parameters.
diff --git a/docs/reference/commands/certutil.asciidoc b/docs/reference/commands/certutil.asciidoc
@@ -128,70 +128,71 @@ explains how to use the files.
 === Parameters
 
 `ca`:: Specifies to generate a new local certificate authority (CA). This
-parameter cannot be used with the `csr` or `cert` parameters.
+parameter cannot be used with the `csr`, `cert` or `http` parameters.
 
 `cert`:: Specifies to generate new X.509 certificates and keys.
-This parameter cannot be used with the `csr` or `ca` parameters.
+This parameter cannot be used with the `csr`, `ca` or `http` parameters.
 
 `csr`:: Specifies to generate certificate signing requests. This parameter
-cannot be used with the `ca` or `cert` parameters.
+cannot be used with the `ca`, `cert` or `http` parameters.
 
 `http`:: Generates a new certificate or certificate request for the {es} HTTP
-interface.
+interface. This parameter cannot be used with the `ca`, `cert` or `csr` parameters.
 
 `--ca <file_path>`:: Specifies the path to an existing CA key pair
-(in PKCS#12 format). This parameter cannot be used with the `ca` or `csr` parameters.
+(in PKCS#12 format). This parameter is only applicable to the `cert` parameter.
 
 `--ca-cert <file_path>`:: Specifies the path to an existing CA certificate (in
 PEM format). You must also specify the `--ca-key` parameter. The `--ca-cert`
-parameter cannot be used with the `ca` or `csr` parameters.
+parameter is only applicable to the `cert` parameter.
 
 `--ca-dn <name>`:: Defines the _Distinguished Name_ (DN) that is used for the
 generated CA certificate. The default value is
 `CN=Elastic Certificate Tool Autogenerated CA`. This parameter cannot be used
-with the `csr` parameter.
+with the `csr` or `http` parameters.
 
 `--ca-key <file_path>`:: Specifies the path to an existing CA private key (in
 PEM format). You must also specify the `--ca-cert` parameter. The `--ca-key`
-parameter cannot be used with the `ca` or `csr` parameters.
+parameter is only applicable to the `cert` parameter.
 
 `--ca-pass <password>`:: Specifies the password for an existing CA private key
-or the generated CA private key. This parameter cannot be used with the `ca` or
-`csr` parameters.
+or the generated CA private key. This parameter is only applicable to the `cert` parameter
 
 `--days <n>`:: Specifies an integer value that represents the number of days the
 generated certificates are valid. The default value is `1095`. This parameter
-cannot be used with the `csr` parameter.
+cannot be used with the `csr` or `http` parameters.
 
 `--dns <domain_name>`:: Specifies a comma-separated list of DNS names. This
-parameter cannot be used with the `ca` parameter.
+parameter cannot be used with the `ca` or `http` parameters.
 
 `-E <KeyValuePair>`:: Configures a setting.
 
 `-h, --help`:: Returns all of the command parameters.
 
 `--in <input_file>`:: Specifies the file that is used to run in silent mode. The
-input file must be a YAML file. This parameter cannot be used with the `ca`
-parameter.
+input file must be a YAML file. This parameter cannot be used with the `ca` or
+`http` parameters.
 
 `--ip <IP_addresses>`:: Specifies a comma-separated list of IP addresses. This
-parameter cannot be used with the `ca` parameter.
+parameter cannot be used with the `ca` or `http` parameters.
 
 `--keysize <bits>`::
 Defines the number of bits that are used in generated RSA keys. The default
-value is `2048`.
+value is `2048`. This parameter cannot be used with the `http` parameter.
 
 `--multiple`::
 Specifies to generate files for multiple instances. This parameter cannot be
-used with the `ca` parameter.
+used with the `ca` or `http` parameters.
 
 `--name <file_name>`::
 Specifies the name of the generated certificate. This parameter cannot be used
-with the `ca` parameter.
+with the `ca` or `http` parameters.
 
-`--out <file_path>`:: Specifies a path for the output files.
+`--out <file_path>`:: Specifies a path for the output files. This parameter
+cannot be used with the `http` parameter.
 
 `--pass <password>`:: Specifies the password for the generated private keys.
+This parameter cannot be used with the `http` parameters.
 +
 Keys stored in PKCS#12 format are always password protected, however,
 this password may be _blank_. If you want to specify a blank password
@@ -206,7 +207,7 @@ wish to password-protect your PEM keys, then do not specify
 
 
 `--pem`:: Generates certificates and keys in PEM format instead of PKCS#12. This
-parameter cannot be used with the `csr` parameter.
+parameter cannot be used with the `csr` or `http` parameters.
 
 `--self-signed`:: Generates self-signed certificates. This parameter is only
 applicable to the `cert` parameter.
