Support for CRL/OCSP in PKI realm?

We are looking to start using PKI authentication in our cluster and I'm wondering what options are available to check revocation for client certificates. Are there are any config options in the PKI realm (or even in the JVM settings) that would allow us to point at a CRL or, better yet, an OCSP responder?

Based on similar threads I found for Logstash and Filebeat, I'm assuming this isn't supported in Elasticsearch at the moment, but I wanted to make sure I'm not just missing something in the documentation.

This isn't supported.

If it's important to you, and you have access to raise support tickets, then I would encourage you to open a ticket & ask for it to be tracked as an enhancement request.

Thanks for confirming @TimV! I'll work on an enhancement request.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.