OpenSearch/x-pack/docs/en/security/authentication/pki-realm.asciidoc

22 lines
730 B
Plaintext
Raw Normal View History

[role="xpack"]
[[pki-realm]]
=== PKI user authentication
You can configure {security} to use Public Key Infrastructure (PKI) certificates
to authenticate users in {es}. This requires clients to present X.509
certificates.
NOTE: You cannot use PKI certificates to authenticate users in {kib}.
To use PKI in {es}, you configure a PKI realm, enable client authentication on
the desired network layers (transport or http), and map the Distinguished Names
(DNs) from the user certificates to {security} roles in the
<<mapping-roles, role mapping file>>.
See {ref}/configuring-pki-realm.html[Configuring a PKI realm].
[[pki-settings]]
==== PKI realm settings
See {ref}/security-settings.html#ref-pki-settings[PKI realm settings].