elastic · KOTungseth · Aug 2, 2021 · Jul 28, 2021 · Jul 28, 2021 · Aug 2, 2021
diff --git a/docs/CHANGELOG.asciidoc b/docs/CHANGELOG.asciidoc
diff --git a/docs/settings/alert-action-settings.asciidoc b/docs/settings/alert-action-settings.asciidoc
@@ -8,7 +8,7 @@
 Alerts and actions are enabled by default in {kib}, but require you configure the following in order to use them:
 
 . <<using-kibana-with-security,Set up {kib} to work with {stack} {security-features}>>.
-. <<configuring-tls-kib-es,Set up TLS encryption between {kib} and {es}>>.
+. {ref}/security-basic-setup-https.html#encrypt-kibana-elasticsearch[Encrypt traffic between {kib} and {es}].
 . If you are using an *on-premises* Elastic Stack deployment, <<general-alert-action-settings,specify a value for `xpack.encryptedSavedObjects.encryptionKey`>>.
 
 You can configure the following settings in the `kibana.yml` file.

diff --git a/docs/settings/fleet-settings.asciidoc b/docs/settings/fleet-settings.asciidoc
@@ -45,7 +45,7 @@ See the {fleet-guide}/index.html[{fleet}] docs for more information.
 |===
 | `xpack.fleet.agents.fleet_server.hosts`
   | Hostnames used by {agent} for accessing {fleet-server}.
-| `xpack.fleet.agents.elasticsearch.hosts`
+| [[xpack-fleet-agents-elasticsearch-hosts]]`xpack.fleet.agents.elasticsearch.hosts`
   | Hostnames used by {agent} for accessing {es}.
 | `xpack.fleet.agents.elasticsearch.ca_sha256`
   | Hash pin used for certificate verification. The pin is a base64-encoded

diff --git a/docs/setup/settings.asciidoc b/docs/setup/settings.asciidoc
@@ -42,13 +42,13 @@ that disables certain unnecessary and potentially insecure capabilities in
 the browser. It is strongly recommended that you keep the default CSP rules
 that ship with {kib}.
 
-| `csp.script_src:`
+| [[csp-script-src]]`csp.script_src:`
 | Add sources for the https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src[Content Security Policy `script-src` directive].
 
-| `csp.worker_src:`
+| [[csp-worker-src]]`csp.worker_src:`
 | Add sources for the https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/worker-src[Content Security Policy `worker-src` directive].
 
-| `csp.style_src:`
+| [[csp-style-src]]`csp.style_src:`
 | Add sources for the https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src[Content Security Policy `style-src` directive].
 
 | `csp.connect_src:`

diff --git a/docs/user/alerting/alerting-setup.asciidoc b/docs/user/alerting/alerting-setup.asciidoc
@@ -17,7 +17,7 @@ If you are using an *on-premises* Elastic Stack deployment:
 
 If you are using an *on-premises* Elastic Stack deployment with <<using-kibana-with-security, *security*>>:
 
-* You must enable Transport Layer Security (TLS) for communication <<configuring-tls-kib-es, between {es} and {kib}>>. {kib} alerting uses <<api-keys, API keys>> to secure background rule checks and actions, and API keys require {ref}/configuring-tls.html#tls-http[TLS on the HTTP interface]. A proxy will not suffice.
+* You must enable Transport Layer Security (TLS) for communication {ref}/security-basic-setup-https.html#encrypt-kibana-elasticsearch[between {es} and {kib}]. {kib} alerting uses <<api-keys, API keys>> to secure background rule checks and actions, and API keys require {ref}/configuring-tls.html#tls-http[TLS on the HTTP interface]. A proxy will not suffice.
 * If you have enabled TLS and are still unable to access Alerting, ensure that you have not {ref}/security-settings.html#api-key-service-settings[explicitly disabled API keys].
 
 [float]

diff --git a/docs/user/monitoring/monitoring-kibana.asciidoc b/docs/user/monitoring/monitoring-kibana.asciidoc
@@ -105,7 +105,7 @@ valid user ID and password in the `elasticsearch.username` and
 `elasticsearch.password` settings in the `kibana.yml` file. These values are
 used when {kib} sends monitoring data to the production cluster.
 
-.. <<configuring-tls-kib-es,Configure encryption for traffic between {kib} and {es}>>.
+.. {ref}/security-basic-setup-https.html#encrypt-kibana-elasticsearch[Encrypt traffic between {kib} and {es}].
 
 . <<start-stop,Start {kib}>>.
 

diff --git a/docs/user/security/securing-communications/elasticsearch-mutual-tls.asciidoc b/docs/user/security/securing-communications/elasticsearch-mutual-tls.asciidoc
@@ -32,7 +32,7 @@ To configure {kib} and {es} to use mutual TLS authentication:
 
 . <<using-kibana-with-security,Set up {kib} to work with {stack} {security-features} with a username and password>>.
 
-. <<configuring-tls-kib-es,Set up TLS encryption between {kib} and {es}>>.
+. {ref}/security-basic-setup-https.html#encrypt-kibana-elasticsearch[Encrypt traffic between {kib} and {es}].
 +
 This entails generating a "server certificate" for {es} to use on the HTTP layer.