Manually update certutil links

Mpdreamz · web-flow · commit 302ff5a8d045 · 2018-02-09T11:44:48.000+01:00
diff --git a/docs/client-concepts/certificates/working-with-certificates.asciidoc b/docs/client-concepts/certificates/working-with-certificates.asciidoc
@@ -21,7 +21,8 @@ that generated the certificate is trusted by the machine running the client code
 to the cluster over HTTPS with the client.
 
 If you are using your own CA which is not trusted however, .NET won't allow you to make HTTPS calls to that endpoint by default. With .NET,
-you can pre-empt this though a custom validation callback on the global static`ServicePointManager.ServerCertificateValidationCallback`. Most examples you will find doing this this will simply return `true` from the
+you can pre-empt this though a custom validation callback on the global static
+`ServicePointManager.ServerCertificateValidationCallback`. Most examples you will find doing this this will simply return `true` from the
 validation callback and merrily whistle off into the sunset. **This is not advisable** as it allows *any* HTTPS traffic through in the
 current `AppDomain` *without* any validation. Here's a concrete example:
 
@@ -40,7 +41,8 @@ validation will not be performed for HTTPS connections to *both* Elasticsearch *
 
 It's possible to also set a callback per service endpoint with .NET, and both Elasticsearch.NET and NEST expose this through
 connection settings `ConnectionConfiguration` with Elasticsearch.Net and `ConnectionSettings` with NEST). You can do
-your own validation in that handler or use one of the baked in handlers that we ship with out of the box, on the static class`CertificateValidations`.
+your own validation in that handler or use one of the baked in handlers that we ship with out of the box, on the static class
+`CertificateValidations`.
 
 The two most basic ones are `AllowAll` and `DenyAll`, which accept or deny all SSL traffic to our nodes, respectively. Here's
 a couple of examples.
@@ -55,7 +57,7 @@ public class DenyAllCertificatesCluster : SslAndKpiXPackCluster
 {
     protected override ConnectionSettings ConnectionSettings(ConnectionSettings s) => s
         .ServerCertificateValidationCallback((o, certificate, chain, errors) => false)
-        .ServerCertificateValidationCallback(CertificateValidations.DenyAll); <1>
+        .ServerCertificateValidationCallback(CertificateValidations.DenyAll); <1>
 }
 ----
 <1> synonymous with the previous lambda expression
@@ -70,7 +72,7 @@ public class AllowAllCertificatesCluster : SslAndKpiXPackCluster
 {
     protected override ConnectionSettings ConnectionSettings(ConnectionSettings s) => s
         .ServerCertificateValidationCallback((o, certificate, chain, errors) => true)
-        .ServerCertificateValidationCallback(CertificateValidations.AllowAll); <1>
+        .ServerCertificateValidationCallback(CertificateValidations.AllowAll); <1>
 }
 ----
 <1> synonymous with the previous lambda expression
@@ -80,8 +82,9 @@ public class AllowAllCertificatesCluster : SslAndKpiXPackCluster
 If your client application has access to the public CA certificate locally, Elasticsearch.NET and NEST ship with some handy helpers
 that can assert that a certificate the server presents is one that came from the local CA.
 
-If you use X-Pack's {ref_current}/certutil.html`certutil` tool] to generate SSL certificates, the generated node certificate
-does not include the CA in the certificate chain, in order to cut down on SSL handshake size. In those case you can use`CertificateValidations.AuthorityIsRoot` and pass it your local copy of the CA public key to assert that
+If you use X-Pack's {ref_current}/certutil.html[+certutil+ tool] to generate SSL certificates, the generated node certificate
+does not include the CA in the certificate chain, in order to cut down on SSL handshake size. In those case you can use
+`CertificateValidations.AuthorityIsRoot` and pass it your local copy of the CA public key to assert that
 the certificate the server presented was generated using it
 
 [source,csharp]
@@ -115,7 +118,7 @@ the local CA certificate is part of the chain that was used to generate the serv
 ==== Client Certificates
 
 X-Pack also allows you to configure a {xpack_current}/pki-realm.html[PKI realm] to enable user authentication
-through client certificates. The {ref_current}/certutil.html`certutil` tool] included with X-Pack allows you to
+through client certificates. The {ref_current}/certutil.html[+certutil+ tool] included with X-Pack allows you to
 generate client certificates as well and assign the distinguished name (DN) of the
 certificate to a user with a certain role.
 
@@ -133,12 +136,12 @@ You can set Client Certificates to use on all connections on `ConnectionSettings
 ----
 public class PkiCluster : CertgenCaCluster
 {
-    protected override ConnectionSettings Authenticate(ConnectionSettings s) => s <1>
+    protected override ConnectionSettings Authenticate(ConnectionSettings s) => s <1>
         .ClientCertificate(
             ClientCertificate.LoadWithPrivateKey(
-                this.Node.FileSystem.ClientCertificate, <2>
-                this.Node.FileSystem.ClientPrivateKey, <3>
-                "") <4>
+                this.Node.FileSystem.ClientCertificate, <2>
+                this.Node.FileSystem.ClientPrivateKey, <3>
+                "") <4>
         );
 
     //hide
