Without any additional configuration you can specify https:// node urls, but the certificates used to sign these requests will not verified (rejectUnauthorized: false). To turn on certificate verification you must specify an ssl object either in the top level config or in each host config object and set rejectUnauthorized: true. The ssl config object can contain many of the same configuration options that tls.connect() accepts.

const { Client } = require('@elastic/elasticsearch')
const client = new Client({
  node: 'http://localhost:9200',
  auth: {
    username: 'elastic',
    password: 'changeme'
  },
  ssl: {
    ca: fs.readFileSync('./cacert.pem'),
    rejectUnauthorized: true
  }
})