I ran into the same problem. Not sure if my findings will help you since I am struggling at an other point right now.
When trying to setup es with searchguard all from scratch without using bundle and example scripts, I stumbled over something interesting in elasticsearch.yml.example
This is optional
Only needed when impersonation is used
Allow DNs (distinguished names) to impersonate as other users
On first glance I was no able to find any lines like the above in the yml files provided with the bundles I used.
On Sunday, February 26, 2017 at 4:28:04 AM UTC+1, Abhinay Thurlapati wrote:
I would like to validate the requests via client certificate. Following the documentation, I understood that I need to specify the “http_authenticator.type” as “clientcert”. There it is mentioned to click on TLS Client Certification for further details. However I could see, it is redirecting to HTTP Basic Authentication page.
Please provide the configuration details I need to follow in order to validate the client certificates.