I have a 2 node ES cluster running on RHEL7 with searchguard installed and configured with http client cert auth.
ES cluster works perfectly.
Curl with key/cert works for the role defined things
Though my cluster is in a green state, and I am having no issues with my applications connecting, I am seeing the following in the logs:
[2018-05-31T14:00:08,931][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for null
[2018-05-31T14:00:08,976][DEBUG][c.f.s.a.BackendRegistry ] Try to extract auth creds from clientcert http authenticator
[2018-05-31T14:00:08,976][DEBUG][c.f.s.a.BackendRegistry ] User still not authenticated after checking 1 auth domains
which is repeatedly spamming my logs, even when I have no applications running against my ES cluster. How can I determine where this is coming from?