Elasticsearch uses the Java Security Manager. That one is configured to be only able to read certain directories in the file system - so if there is a security issue in the Elasticsearch code base, an attacker could not use this to read arbitrary files. Because of this mechanism you need to put your certificate files in the config directory.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.