Describe the enhancement:
Elastic endpoint currently allows a custom defined global artifacts base_url and verification of the server certificate of this url against a custom ca_cert. However, there are no configuration options for defining a client cert/key to provide full mTLS authentication.
Describe a specific use case for the enhancement or feature:
Deployment in air-gapped, secure environments with apache/nginx artifacts servers that require client certificate authentication. This aligns with the mTLS options for fleet, kibana, and elasticsearch and would result in more complete adoption of mTLS.
What is the definition of done?
Defend integration allows setting path variables to a PEM-encoded certificate and key for client auth. Elastic-endpoint uses the configured PEM files when downloading/refreshing artifacts.
Describe the enhancement:
Elastic endpoint currently allows a custom defined global artifacts base_url and verification of the server certificate of this url against a custom ca_cert. However, there are no configuration options for defining a client cert/key to provide full mTLS authentication.
Describe a specific use case for the enhancement or feature:
Deployment in air-gapped, secure environments with apache/nginx artifacts servers that require client certificate authentication. This aligns with the mTLS options for fleet, kibana, and elasticsearch and would result in more complete adoption of mTLS.
What is the definition of done?
Defend integration allows setting path variables to a PEM-encoded certificate and key for client auth. Elastic-endpoint uses the configured PEM files when downloading/refreshing artifacts.