I set-up Shield to use a PKI realm and force both Transport and HTTP to use SSL with client authentication. How should I configure the Marvel agent in such case ? Is it even possible to use Marvel with HTTPS and client authentication ?
The Marvel agent, when connecting to the monitoring cluster (same as production in my case), needs to provide a client certificate... But I see no way to define the keystore containing the client certificate to use. The config parameter
marvel.agent.exporter.es.ssl.truststore contains certificates to trust. But what about the identity certificate ?
Any experience with such a set-up ?
Note: using Elasticsearch 1.7, Shield 1.3 and Marvel 1.3