I have enabled the PKI in elasticsearch.yml as below: xpack.security.authc.realms.pki1.type: pki xpack.security.authc.realms.pki1.order: 1 xpack.security.authc.realms.pki1.certificate_authorities: [ path to cacert ] Where the first realm is the native realm of order 0. How to verify if PKI is e…

Verify PKI enabling in elastic nodes

ikakavas (Ioannis Kakavas) February 4, 2019, 9:33am 4

See point 4 in the doc I shared above.

Your http layer TLS configuration need to also trust the client certificate. So you also need to set

xpack.security.http.ssl.certificate_authorities

with the same value as

xpack.security.authc.realms.pki1.certificate_authorities

xpack.security.http.ssl.verification_mode: none

( I wouldn't suggest that)

1 Like

Topic		Replies	Views
ElasticSearch XPack - PKI Realm authentication defaults to native authentication Elasticsearch elastic-stack-security	4	2356	May 25, 2020
Configure PKI authentication for Elasticsearch 7.7 Elasticsearch elastic-stack-security	13	1063	January 10, 2023
Elasticsearch security PKI Elasticsearch elastic-stack-security	13	2196	September 19, 2019
Can't configure PKI authentication Elasticsearch	15	2908	July 6, 2017
Elasticsearch SSL/TLS PKI realm setup Elasticsearch elastic-stack-security	14	1944	April 6, 2021