Support for CRL/OCSP in PKI realm?

cozbone43 · October 1, 2019, 7:48pm

We are looking to start using PKI authentication in our cluster and I'm wondering what options are available to check revocation for client certificates. Are there are any config options in the PKI realm (or even in the JVM settings) that would allow us to point at a CRL or, better yet, an OCSP responder?

Based on similar threads I found for Logstash and Filebeat, I'm assuming this isn't supported in Elasticsearch at the moment, but I wanted to make sure I'm not just missing something in the documentation.

TimV · October 4, 2019, 8:23am

This isn't supported.

If it's important to you, and you have access to raise support tickets, then I would encourage you to open a ticket & ask for it to be tracked as an enhancement request.

cozbone43 · October 14, 2019, 1:45pm

Thanks for confirming @TimV! I'll work on an enhancement request.

system · November 11, 2019, 1:45pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.