I know nothing about Search Guard, so I can't be of much specific help. It seems to me that the certificate you provided is not the appropriate, valid CA certificate, which is what --certificate is supposed to point to. Regardless, you can't suppress the urllib3 message when using --ssl-no-validate. It is a warning that you are not verifying the security chain. It doesn't mean that the transaction is not going over SSL, just that security cannot be guaranteed because the certificate chain is unverified.
Depending on how Search Guard works, you might be able to use --client-cert and --client-key (generated and signed by the same CA that you used for the security solution you're using).