Unknown_ca exception when using SSL in Elastic python-api

#1

Hello.

This is my engine client-side:

es_connection = Elasticsearch(
f'https://{elastic_config["ip"]}:{elastic_config["port"]}',
http_auth=("user", "password"),
use_ssl=True,
verify_certs=False,
sniff_on_start=True,
sniff_on_connection_fail=True,
sniffer_timeout=180,
timeout=5
)

And this is my security configured in a remote Elastic database:

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: ../config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: ../config/certs/elastic-certificates.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: ../config/certs/elastic-certificates.p12 
xpack.security.http.ssl.truststore.path: ../config/certs/elastic-certificates.p12
xpack.security.http.ssl.client_authentication: optional

This configuration works fine. However after making my code as a service that runs as root the ssl exception unknown_ca keeps popping up, and the client receives an urllib3 error stating that the connection was refused. The config is derived from following this tutorial: https://www.elastic.co/blog/elasticsearch-security-configure-tls-ssl-pki-authentication

Unknown_ca error is: javax.net.ssl.SSLHandshakeException: Recieved fatal alert: unknown_ca while the Urllib error is a connection refused recieved client side.

What is wrong with my configuration? Why does it work correctly as non-root but not in root/sudo mode?