3. Export the node's certificate:
   `keytool -export -alias test-node -keystore test-node.jks -storepass keypass -file test-node.crt`
4. Import the node certificate in the client's keystore:
   `keytool -import -alias test-node -keystore test-client.jks -storepass keypass -file test-node.crt -noprompt`
5. Export the client's certificate:
   `keytool -export -alias test-client -keystore test-client.jks -storepass keypass -file test-client.crt`

    val callbackHandler = ConsoleCallbackHandler

    val builderList: List<KeyStore.Builder> =
      listOf(
        KeyStore.Builder.newInstance("PKCS11", null, KeyStore.CallbackHandlerProtection(callbackHandler)),
        // Example if you want to combine multiple keystore types
        // KeyStore.Builder.newInstance("PKCS12", null, File("keystore.p12"), PasswordProtection("rosebud".toCharArray()))
      )

                    c.setting("xpack.security.transport.ssl.keystore.path", "test-node.jks");
                    c.setting("xpack.security.http.ssl.keystore.path", "test-node.jks");
                    c.keystore("xpack.security.transport.ssl.keystore.secure_password", "keypass");
                    c.keystore("xpack.security.http.ssl.keystore.secure_password", "keypass");
                    // copy keystores & certs into config/

limitation.

==== Keystore Password

In FIPS 140-2 mode, the elasticsearch keystore needs to be password protected with a password
of appropriate length. This is handled automatically in `fips.gradle` and the keystore is unlocked
on startup by the test clusters tooling in order to have secure settings available. However, you
might need to take into consideration that the keystore is password-protected with `keystore-password`

  }

  private fun newEmptyKeyStore(keyStoreType: String?): KeyStore =
    KeyStore.getInstance(keyStoreType ?: KeyStore.getDefaultType()).apply {
      val inputStream: InputStream? = null // By convention, 'null' creates an empty key store.
      load(inputStream, password)
    }

        }

        // Optionally store in KeyStore
        if (keyStore != null) {
            try {
                KeyStore.SecretKeyEntry keyEntry = new KeyStore.SecretKeyEntry(secretKey);
                KeyStore.ProtectionParameter protection = new KeyStore.PasswordProtection(keyStorePassword);
                keyStore.setEntry("smb.session." + sessionId, keyEntry, protection);

            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            keyStore.setCertificateEntry("server", certificate);

            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);

      throws GeneralSecurityException, IOException {
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    try (InputStream in = new FileInputStream(keystoreFile)) {
      keystore.load(in, password.toCharArray());
    }
    KeyManagerFactory keyManagerFactory =
        KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyManagerFactory.init(keystore, password.toCharArray());

login.configuration.provider=sun.security.provider.ConfigFile
policy.provider=sun.security.provider.PolicyFile
policy.expandProperties=true
policy.allowSystemProperty=true
policy.ignoreIdentityScope=false
keystore.type=BCFKS
keystore.type.compat=true
package.access=sun.misc.,\
               sun.reflect.
package.definition=sun.misc.,\
                   sun.reflect.
security.overridePropertiesFile=true
ssl.KeyManagerFactory.algorithm=PKIX

 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package okhttp3.internal.platform

import java.security.KeyStore
import java.security.Provider
import javax.net.ssl.SSLContext
import javax.net.ssl.SSLSocket
import javax.net.ssl.SSLSocketFactory
import javax.net.ssl.TrustManagerFactory
import javax.net.ssl.X509TrustManager