Per conversation with @nimarezainia , the following settings need renaming and better clarification, as they are currently misleading:

• Server SSL certificate authorities -> Rename to "Fleet Server > Elastic Agents certificate authorities". Inside the box: "Specify the CA certificate(s) that signed the Elastic Agent client certificates connecting to this Fleet Server. Fleet Server trusts these CAs when verifying incoming connections."

• Client SSL certificate -> Rename to "Fleet Server > SSL server certificate". Inside the box write something like: "Specify the Fleet Server SSL certificate used to secure communication with incoming Elastic Agent connections."

• Client SSL certificate key -> Rename to "Fleet Server > SSL server private key". Inside the box: "Specify the Fleet Server SSL key used to secure communication with incoming Elastic Agent connections."

And...

• Elasticsearch certificate authorities -> Rename to "Fleet Server > Elasticsearch certificate authorities". Inside the box: "Specify the Elasticsearch CA certificate(s) that Fleet Server should trust when connecting to Elasticsearch."

• SSL certificate for Elasticsearch -> Rename to "Fleet Server > SSL client certificate for Elasticsearch". Inside the box: "Specify the SSL client certificate that the Fleet Server should use when connecting to Elasticsearch. Only needed for mTLS between Fleet Server and Elasticsearch."

• SSL certificate key for Elasticsearch -> Rename to "Fleet Server > SSL private key for Elasticsearch". Inside the box: "Specify the SSL key that the Fleet Server should use when connecting to Elasticsearch. Only needed for mTLS between Fleet Server and Elasticsearch.".

Notes: I'm proposing Fleet Server > prefix to clarify that the setting will be used by the Fleet Server. We are missing 3 extra settings in this UI that will be used by Elastic Agent, so this is a good way to differentiate them if we cannot do it better in the UI. I'm adding the missing settings in a separate issue.