-
You need to set
xpack.security.http.ssl.client_authenticationto eitheroptionalorrequiredas instructed in the documentation I have shared earlier:The transport or http interface must request client certificates by setting
client_authenticationtooptionalorrequired. -
You have set
xpack.security.http.ssl.certificate_authorities: ["/etc/elasticsearch/xpack/tls/cert.crt"]which means that your clients can only use that specific self signed certificate for authentication. You don't specify what's in the JKS keystore that you use in your code, but I'd thought I'd mention it should contain your
cert.keyandcert.crt(with your current, configuration that is)
When your Elasticsearch configuration is completed, please try to verify it with curl as such
curl --cert cert.crt --key cert.key --cacert cert.crt 'https://localhost:9200/_xpack/security/_authenticate?pretty'
before focusing again on your client side code.