Without any additional configuration you can specify https:// host urls, but the certificates used to sign these requests will not verified (rejectUnauthorized: false). To turn on certificate verification you must specify an ssl: object either in the top level config or in each host config object and set rejectUnauthorized: true. The ssl config object can contain many of the same configuration options that tls.connect() accepts. For convenience these options are also listed in the configuration reference.

Specify a certificate authority that should be used to verify server certifcates on all nodes:

var client = new elasticsearch.Client({
  hosts: [
  ssl: {
    ca: fs.readFileSync('./cacert.pem'),
    rejectUnauthorized: true