Hi,
Thanks for the detailed explanation and sorry for the Earlier post , I was not precise enough.
Catching up, I have ES configured with client authentication required (mutual tls).
For the Curl observation:
When I run the next curl against ES coordinator (coordinator-0-node.elasticsearch-4 which is resolvable in /etc/host) , and it works ( a json with the information of the coordinator is retrieve):
curl --key /tmp/client_key.pem --cacert /tmp/cacert.pem --cert /tmp/client_cert.pem https://coordinator-0-node.elasticsearch-4:31504
For the esrally observation:
esrally --track=pmc --target-hosts=coordinator-0-node.elasticsearch-4:31504 --pipeline=benchmark-only --client-options="use_ssl:true,verify_certs:false,ca_certs:'/tmp/cacert.pem',client_cert:'/tmp/client_cert.pem',client_key:'/tmp/client_key.pem'"
In the wireshark I see that the client certificate is not being sent during handshake process .
Ramón.