OpenSearch/x-pack/docs/en/security/authentication/pki-realm.asciidoc

[[pki-realm]]
=== PKI user authentication

You can configure {security} to use Public Key Infrastructure (PKI) certificates
to authenticate users in {es}. This requires clients to present X.509
certificates.

NOTE: You cannot use PKI certificates to authenticate users in {kib}.

To use PKI in {es}, you configure a PKI realm, enable client authentication on
the desired network layers (transport or http), and map the Distinguished Names
(DNs) from the user certificates to {security} roles in the
<<mapping-roles, role mapping file>>.

See {ref}/configuring-pki-realm.html[Configuring a PKI realm].

[[pki-settings]]
==== PKI Realm Settings

See {ref}/security-settings.html#ref-pki-settings[PKI realm settings].
[DOCS] Migrated security topics from x-pack repo to x-pack-elasticsearch. Original commit: elastic/x-pack-elasticsearch@e54aa1fd0a2f0e60013d7e427329e4408fa578fe 2017-04-06 18:29:29 -07:00			`[[pki-realm]]`
[DOCS] Adds PKI realm configuration details (#30225) 2018-05-01 13:47:24 -07:00			`=== PKI user authentication`
[DOCS] Migrated security topics from x-pack repo to x-pack-elasticsearch. Original commit: elastic/x-pack-elasticsearch@e54aa1fd0a2f0e60013d7e427329e4408fa578fe 2017-04-06 18:29:29 -07:00
			`You can configure {security} to use Public Key Infrastructure (PKI) certificates`
[DOCS] Clarify PKI realm support (elastic/x-pack-elasticsearch#3703) Original commit: elastic/x-pack-elasticsearch@55da7a07d1fa57a1fb4b001a986ff37948928b07 2018-01-24 08:32:23 -08:00			`to authenticate users in {es}. This requires clients to present X.509`
			`certificates.`

			`NOTE: You cannot use PKI certificates to authenticate users in {kib}.`

			`To use PKI in {es}, you configure a PKI realm, enable client authentication on`
			`the desired network layers (transport or http), and map the Distinguished Names`
			`(DNs) from the user certificates to {security} roles in the`
			`<<mapping-roles, role mapping file>>.`
[DOCS] Migrated security topics from x-pack repo to x-pack-elasticsearch. Original commit: elastic/x-pack-elasticsearch@e54aa1fd0a2f0e60013d7e427329e4408fa578fe 2017-04-06 18:29:29 -07:00
[DOCS] Adds PKI realm configuration details (#30225) 2018-05-01 13:47:24 -07:00			`See {ref}/configuring-pki-realm.html[Configuring a PKI realm].`
[DOCS] Migrated security topics from x-pack repo to x-pack-elasticsearch. Original commit: elastic/x-pack-elasticsearch@e54aa1fd0a2f0e60013d7e427329e4408fa578fe 2017-04-06 18:29:29 -07:00
			`[[pki-settings]]`
[DOCS] Adds PKI realm configuration details (#30225) 2018-05-01 13:47:24 -07:00			`==== PKI Realm Settings`
[DOC] Miscellaneous security doc updates (elastic/x-pack-elasticsearch#1908) - Document refresh interval for role mapping files - Fix obsolete shield reference in transport profile example - Clarify that AD & PKI don't support run_as - Fix logstash conf examples - Clarify interaction of SSL settings and PKI realm settings - Document PKI DN format, and recommend use of pki_dn metadata - Provide more details about action.auto_create_index during setup Original commit: elastic/x-pack-elasticsearch@49ddb12a7e8ce390948cac354d1b3bfc4ee9a9ae 2017-07-07 13:33:35 +10:00
[DOCS] Adds PKI realm configuration details (#30225) 2018-05-01 13:47:24 -07:00			`See {ref}/security-settings.html#ref-pki-settings[PKI realm settings].`