If I add: verificationmode and authorities , wouldn't these options be for everything?
no, server.ssl and elasticsearch.ssl are different config options. You cannot set verificationmode for server.ssl and have to use "real" certificate:
server.ssl.enabled: true
server.ssl.key: ...
server.ssl.certificate: ...
server.ssl. certificateAuthorities: ...
you can use self-signed certificate for elasticsearch.ssl tho:
elasticsearch.ssl.certificateAuthorities: ...
elasticsearch.ssl.verificationMode: "certificate"