Admin Certificate Generation in K8s

Malone · June 6, 2022, 2:23pm

Hi ,

I have used Let’s Encrypt to generate domain certificate

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: opensearch-cert
  namespace: opensearch
spec:
  dnsNames:
  - <mydomain>
  secretName: opensearch-tls
  privateKey:
    encoding: PKCS8
    algorithm: RSA
    size: 2048
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer

It generated 1 secrets, it has 2 data tls.crt and tls.key. 3 certificates are present in tls.crt namely domain cert , Intermediate R3 CA and Root CA.
My opensearch is working correctly over https.

I am not able to run securityadmin.sh with the domain certificate , opensearch say i need to generate admin certificate.

what I already tried :
1. I tried to use tls.crt and tls.key to generate an admin certificate in my local machine using openssl and mounted it to k8s. - I get an error unknown certificate when i try to run securityadmin.sh with the admin certificate.
2. I tried to use kirk.pem and kir-pem.key as admin certificate , I get java path error.

Now how can i generate the admin certificate ?

Malone · June 10, 2022, 12:12am

UPDATE:

SOLVED.
Used searchguard tls tool / bash scripts to generate certs and used the admin cert.

NodeMT · April 7, 2023, 5:19am

Hi Malone,
Can you share how did you use the searchguard tls tool to generate the admin certificate?
Thanks

Topic		Replies	Views
OpenSearch not creating admin-cert after removing http on tls block Security security-issue	10	96	October 10, 2024
Self-signed certificat : securityadmin.sh returns an error OpenSearch troubleshoot	3	248	March 5, 2024
SSL HandShake issues using self signed admin-cert and http letsencrypt certificates Security	1	127	August 12, 2024
K8s: Define SSL certificates via secrets Security configure	38	4671	June 4, 2024
Issue with securityadmin script using lets encrypt intermediate certificate Security	3	1018	April 16, 2020

Admin Certificate Generation in K8s

Related topics