Python PKI authentication


Apologies if this is simple but I'm pretty new to worrying about security. X-Pack's Security functionality comes with out of the box PKI authentication - which is great. But I can only find Python examples for httpauth (basic username and password). Can anyone advise how to use PKI authentication with Python?



Since you're specifically asking about the python side, I'll restrict my answer to that, but if you have any questions about setting up the Elasticsearch side, or generating client certificates, please ask.

Also, it's not clear what version of python you're running, and whether you are using an Elasticsearch client library or not.

If you want to use the the official elasticsearch python client, it provides an example of using a client certificate here: You can drop the http_auth if you just want to use PKI authentication.

If you're not using an ES library, and just want to use builtin modules, then you can do something like this with http.client (in python 3)

import ssl
import http.client

context = ssl.create_default_context(cafile="server/ca/ca.crt")
context.load_cert_chain( "client/app01.crt" , keyfile="client/app01.key" , password="secret" )

connection = http.client.HTTPSConnection(host = "localhost" , port = 9200 , context = context )
connection.request("GET", "_xpack/security/_authenticate")

resp = connection.getresponse()
print( )


That assumes that the CA certificate for your elasticsearch cluster is in server/ca/ca.crt and your client certificate is client/app01.crt

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.