I need to connect to S3 repo from elasticsearch to store snapshots.
Our S3 endpoint has mutual ssl authentication.
I have ca.crt, client.key, client.crt.
How to add these certs to java keystore, so that I can connect to s3 repository from elasticsearch.
Here is a documentation that explains how to add secure settings to the Elasticsearch keystore: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-es-secure-settings.html.
There is another documentation to create automated snapshots that can help you (it uses Google Cloud Storage in favor of S3): https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-snapshots.html.
there are no secure settings to add certificates under repository-s3 documentation.
https://www.elastic.co/guide/en/elasticsearch/plugins/current/repository-s3-client.html.
In this cause how to add client certificates of s3 to my jvm? (elasticsearch running on xpack enabled).
I added certificates in my jvm keystore. Here my question is why elastic search ( with xpack) is not picking those certificates while making connection with S3??
Keystore property is overridden by elasticsearch to use its own keystore??
@bikkina_mahesh the documentation page you linked specifies that credentials should be added to the keystore.
This is what we also call "secure settings".
You can follow ECK documentation on adding secure settings to the keystore for those.