@pablo
It seems that I have found the issue. There seems to be a new configuration key “keystore_keypassword” which is undocumented.
It’s counterpart “keystore_keypassword_secure” is mentioned in the section " Separate client and server keystore and truststore files" (Configuring TLS certificates - OpenSearch Documentation).
The following configuration is working:
plugins:
security:
ssl:
transport:
keystore_type: PKCS12
keystore_filepath: certs/opse1.my.domain.pfx
keystore_password: thisisastupidpassword
keystore_keypassword: thisisastupidpassword
truststore_type: PKCS12
truststore_filepath: certs/my-truststore.p12
truststore_password: thisisanotherstupidpassword