- You need to set `xpack.security.http.ssl.client_authentication` to either `optional` or `required`, as instructed in the documentation I have shared earlier: "The transport or http interface must request client certificates by setting `client_authentication` to `optional` or `required`."
- You have set `xpack.security.http.ssl.certificate_authorities: ["/etc/elasticsearch/xpack/tls/cert.crt"]`, which means that your clients can only use that specific self-signed certificate for authentication. You don't specify what's in the JKS keystore that you use in your code, but I thought I'd mention it should contain your `cert.key` and `cert.crt` (with your current configuration, that is).

When your Elasticsearch configuration is completed, please try to verify it with curl as such

```
curl --cert cert.crt --key cert.key --cacert cert.crt 'https://localhost:9200/_xpack/security/_authenticate?pretty'
```

before focusing again on your client side code.
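
The two configuration points in the reply above can be checked before running curl. The following is an added example, not part of the original post and not Elastic's code: a small linter for a flat `elasticsearch.yml`. The function names and both sample configurations are constructed for illustration, and the parser assumes one dotted `key: value` setting per line.

```python
KEY_AUTH = "xpack.security.http.ssl.client_authentication"
KEY_CAS = "xpack.security.http.ssl.certificate_authorities"
ACCEPTED = {"optional", "required"}  # the two values named in the reply

def parse_flat_yaml(text):
    """Parse 'dotted.key: value' lines; nested YAML is out of scope (assumption)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip()
    return settings

def parse_list(value):
    """Turn '["a", "b"]' (or a bare path) into ['a', 'b']."""
    inner = value.strip().strip("[]")
    return [item.strip().strip("\"'") for item in inner.split(",") if item.strip()]

def check_pki_http(text):
    """Return (problems, trusted_ca_files) for the HTTP layer settings."""
    settings = parse_flat_yaml(text)
    problems = []
    # Absent setting is treated as 'none', the HTTP-layer default.
    mode = settings.get(KEY_AUTH, "none").strip("\"'")
    if mode not in ACCEPTED:
        problems.append(f"{KEY_AUTH} is '{mode}'; set it to optional or required")
    cas = parse_list(settings.get(KEY_CAS, ""))
    if not cas:
        problems.append(f"{KEY_CAS} is not set in this file")
    return problems, cas

# Constructed sample: the CA list from the post, client_authentication missing.
BEFORE = '''
xpack.security.http.ssl.certificate_authorities: ["/etc/elasticsearch/xpack/tls/cert.crt"]
'''
# Constructed sample: same file with the setting the reply asks for.
AFTER = BEFORE + "xpack.security.http.ssl.client_authentication: required\n"

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        problems, cas = check_pki_http(cfg)
        print(name, "problems:", problems or "none", "| trusted CAs:", cas)
```

The list of trusted CA files it returns is what the client certificate in the JKS keystore has to chain to; with the configuration from the post that is the single file `cert.crt`.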