I would just like to clarify if I understand this correctly. In the documentation it states that to use client certificate validation the SSL certificates need to be signed directly by the root ca.
So, if I have a client certificate with the path (Root CA) -> (Issuing CA) -> (Client Certificate) this is not going to work?
First, I used an SSL client certificate on the logstash side, with the winlogbeat side config using only certificate_authorities for ssl checking. It was working ok. Now I'm trying to setup a client certificate for the winlogbeat, but it´s not connecting anymore. I'm trying to figure out if it is normal since my certificate is not signed directly by the rootCA or is my understanding of how to set it up somehow wrong. I'm using the same IssuerCA for all examples. I also tested the connectivity with curl and it looks ok.
Thank you in advance for help.