Update Configure SSL/TLS for self-managed Fleet Servers (#5514)

natasha-moore-elastic · web-flow · commit 2fd3a4e6d1bc · 2026-03-17T09:10:00.000Z
## Summary Updates the Elastic Defend callout on the **Configure SSL/TLS for self-managed Fleet Servers** page to reflect that Elastic Endpoint supports Elliptic Curve (EC) keys starting in 9.1, aligning with the Elastic Defend requirements update in #5344. Related to #1133 (comment). ## Generative AI disclosure  1. Did you use a generative AI (GenAI) tool to assist in creating this contribution? - [ ] Yes - [x] No
diff --git a/reference/fleet/secure-connections.md b/reference/fleet/secure-connections.md
@@ -40,7 +40,13 @@ Key passwords are not currently supported.
 
 
 ::::{important}
-When you run {{agent}} with the {{elastic-defend}} integration, the [TLS certificates](https://en.wikipedia.org/wiki/X.509) used to connect to {{fleet-server}} and {{es}} need to be generated using [RSA](https://en.wikipedia.org/wiki/RSA_(cryptosystem)). For a full list of available algorithms to use when configuring TLS or mTLS, see [Configure SSL/TLS for standalone {{agents}}](/reference/fleet/elastic-agent-ssl-configuration.md). These settings are available for both standalone and {{fleet}}-managed {{agent}}.
+When you run {{agent}} with the {{elastic-defend}} integration, note the following TLS certificate requirements:
+
+* {applies_to}`stack: ga 9.1+` The [TLS certificates](https://en.wikipedia.org/wiki/X.509) used to connect to {{fleet-server}} and {{es}} can use either [RSA](https://en.wikipedia.org/wiki/RSA_(cryptosystem)) or Elliptic Curve (EC) keys.
+
+* {applies_to}`stack: ga =9.0` The TLS certificates used to connect to {{fleet-server}} and {{es}} need to be generated using RSA.
+
+For a full list of available algorithms to use when configuring TLS or mTLS, refer to [Configure SSL/TLS for standalone {{agents}}](/reference/fleet/elastic-agent-ssl-configuration.md). These settings are available for both standalone and {{fleet}}-managed {{agent}}.
 ::::
 
 
