OpenSearch/x-pack/docs/en/security/authentication/pki-realm.asciidoc

18 lines
799 B
Plaintext
Raw Normal View History

[role="xpack"]
[[pki-realm]]
=== PKI user authentication
You can configure {es} to use Public Key Infrastructure (PKI) certificates to
authenticate users. In this scenario, clients connecting directly to {es} must
present X.509 certificates. First, the certificates must be accepted for
authentication on the SSL/TLS layer on {es}. Then they are optionally
further validated by a PKI realm. See <<pki-realm-for-direct-clients>>.
You can also use PKI certificates to authenticate to {kib}, however this
requires some additional configuration. On {es}, this configuration enables {kib}
to act as a proxy for SSL/TLS authentication and to submit the client
certificates to {es} for further validation by a PKI realm. See
<<pki-realm-for-proxied-clients>>.
include::configuring-pki-realm.asciidoc[]