Add esTransportCertPassword parameter to the docs

docs/azure-arm-template.asciidoc

@@ -1381,7 +1381,11 @@ typically want to do this when also deploying an external loadbalancer or Applic
 do this when deploying only Kibana, to secure internal traffic
 between Kibana and Elasticsearch through the internal load balancer.
 
-Configuring TLS for the HTTP layer requires xPackPlugins be set to `Yes`, and the following parameters can be used
+Configuring TLS for the HTTP layer requires `xPackPlugins` be set to `Yes` for 5.x versions, 
+6.x versions less than 6.8.0 and 7.x versions less than 7.1.0. With `xPackPlugins` set to `Yes`, a trial
+license will be applied to the cluster, which allows TLS to be configured on these versions.
+
+The following parameters can be used
 
 `esHttpCertBlob`::
 A base 64 encoded string of the PKCS#12 archive containing the certificate and key with which to secure the HTTP layer. This certificate will be used by all nodes within the cluster.
@@ -1436,7 +1440,10 @@ The certificate to secure the HTTP layer *must* include a Subject Alternative Na
 ==== Transport layer
 
 You can secure communication between nodes in the cluster with TLS on the Transport layer of Elasticsearch.
-Configuring TLS for the Transport layer requires `xPackPlugins` be set to `Yes`.
+Configuring TLS for the Transport layer requires `xPackPlugins` be set to `Yes` for 5.x versions, 
+6.x versions less than 6.8.0 and 7.x versions less than 7.1.0. With `xPackPlugins` set to `Yes`, a trial
+license will be applied to the cluster, which allows TLS to be configured on these versions.
+
 The following parameters can be used
 
 `esTransportCaCertBlob`::
@@ -1445,10 +1452,13 @@ certificate and private key, used to generate a unique certificate for each node
 the cluster. Each generated certificate contains a Subject Alternative Name DNS entry with
 the hostname and an ipAddress entry with the private IP address.
 
-`esTransportCertPassword`::
+`esTransportCaCertPassword`::
 Optional passphrase for the PKCS#12 archive encoded in `esTransportCaCertBlob`. Defaults
 to empty string as the archive may not be protected.
 
+`esTransportCertPassword`::
+Optional passphrase for each PKCS#12 archive generated by the CA certificate supplied in `esTransportCaCertBlob`.
+
 One way to generate a PKCS#12 archive containing a CA certificate and key is using
 {elasticdocs}/certutil.html[Elastic's certutil command utility].
 
@@ -1507,15 +1517,15 @@ can be downloaded from a public URI at deployment time.
 [float]
 === Elastic Stack features (formerly X-Pack)
 
-A trial license for the Platinum features of the Elastic Stack can be deployed for
+A trial license for the {subscriptions}[platinum features] of the Elastic Stack can be deployed for
 Elasticsearch, and Kibana if also deployed, using the following parameter
 
 `xPackPlugins`::
 Select `Yes` to install a trial license of the platinum features. A trial license
 provides access to platinum features for 30 days. a value of `No`
 +
-. for Elasticsearch and Kibana 6.3.0+ will deploy with a free perpetual license
-providing access to the basic features. These versions use a distribution with
+. for Elasticsearch and Kibana 6.3.0+ will deploy with a free perpetual basic license
+providing access to the {subscriptions}[basic features]. These versions use a distribution with
 Elastic Stack features included in the installation, and the license applied determines which
 features are activated.
 . for Elasticsearch and Kibana prior to 6.3.0, the X-Pack plugin will not be
@@ -1612,4 +1622,4 @@ semicolon. For example,
 Any additional plugins installed are added to the
 {elasticguide}/plugins/{current}/_plugins_directory.html[`plugin.mandatory` setting
 in elasticsearch.yml configuration], to ensure that a node will start only when
-it has all mandatory plugins.
+it has all mandatory plugins.