Admin certificates not working properly?

Hey,

Im not quite sure about this one. I have self signed certs for nodes and admin and the opensearch cluster boots fine and show green status.
When i try to restore a snapshot using admin certs i get “Unauthorized”

image1920×91 73.6 KB

Yet when I run the security admin tool, the certs are accepted. how come?

image1913×817 144 KB

Any help would be greatly appreciated.
Thanks

Moving this to the security category.

@YassineLazaar just to confirm that this case refers to GitHub issue https://github.com/opensearch-project/security/issues/1506

If so, I’ll use provided info and do some testing.

@YassineLazaar - some questions:

1. What is the DN for your admin certificate?
2. Do you have an internal user defined that matches the CN on your admin certificate?
3. Do you have certificate authentication enabled in config.yml (it is off by default)?

The security initialization does not rely on the internal user database (since it may not exist yet), but the API calls use the authentication defined in config.yml.

@DrEdWilliams this is admin user defined in authcz

authcz:
     admin_dn:
     - 'CN=admin-user,OU=Devops,O=Company,L=NJ,C=US'

You don’t need to create a user as none of the roles will allow you to execute admin tasks. Only the users defined in admin_dn can execute restore when snapshot contains .opendistro_security index.