Admin Certificate Generation in K8s

Hi ,

I have used Let’s Encrypt to generate domain certificate

kind: Certificate
  name: opensearch-cert
  namespace: opensearch
  - <mydomain>
  secretName: opensearch-tls
    encoding: PKCS8
    algorithm: RSA
    size: 2048
    name: letsencrypt-prod
    kind: ClusterIssuer

It generated 1 secrets, it has 2 data tls.crt and tls.key. 3 certificates are present in tls.crt namely domain cert , Intermediate R3 CA and Root CA.
My opensearch is working correctly over https.

I am not able to run with the domain certificate , opensearch say i need to generate admin certificate.

what I already tried :
1. I tried to use tls.crt and tls.key to generate an admin certificate in my local machine using openssl and mounted it to k8s. - I get an error unknown certificate when i try to run with the admin certificate.
2. I tried to use kirk.pem and kir-pem.key as admin certificate , I get java path error.

Now how can i generate the admin certificate ?


Used searchguard tls tool / bash scripts to generate certs and used the admin cert.

1 Like

Hi Malone,
Can you share how did you use the searchguard tls tool to generate the admin certificate?