I have used Let’s Encrypt to generate domain certificate
apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: opensearch-cert namespace: opensearch spec: dnsNames: - <mydomain> secretName: opensearch-tls privateKey: encoding: PKCS8 algorithm: RSA size: 2048 issuerRef: name: letsencrypt-prod kind: ClusterIssuer
It generated 1 secrets, it has 2 data tls.crt and tls.key. 3 certificates are present in tls.crt namely domain cert , Intermediate R3 CA and Root CA.
My opensearch is working correctly over https.
I am not able to run securityadmin.sh with the domain certificate , opensearch say i need to generate admin certificate.
what I already tried : 1. I tried to use tls.crt and tls.key to generate an admin certificate in my local machine using openssl and mounted it to k8s. - I get an error unknown certificate when i try to run securityadmin.sh with the admin certificate. 2. I tried to use kirk.pem and kir-pem.key as admin certificate , I get java path error. Now how can i generate the admin certificate ?