I'm trying to enable mutual TLS between all the components. I managed to set up TLS between Kibana and Elasticsearch. But it doesn't work as I would expect.
I want to keep "xpack.security.http.ssl.client_authentication" setting "required". However, in the documentation in order to allow end users to authenticate using credentials, this setting has to be set to "optional".
When I keep "xpack.security.http.ssl.client_authentication" setting "required", I cannot log in to Kibana. When it's "optional", I can access Elastic using only CA and credentials.
Is there any way to require all the ELK components to request a certificate from client connections but log in to Kibana using only credentials?