Cannot load Opensearch Dashboards after adding certificates

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
opensearch: 2.12.0
opensearch-dashboards: 2.12.0
OS: Debian
Browser: Chrome

Describe the issue:
I installed Opensearch and Opensearch Dashboards. It worked well after following the docs online.
However I decided to change the certificates to have my own (after following the generate-certificates tutorial and the information here Configure TLS - OpenSearch Documentation) and it started not working well. Opensearch still works and give replies when I curl and I can also access it.
But that’s not the case for Opensearch-Dashboards, it says :
curl: (7) Failed to connect to localhost port 5601 after 0 ms: Couldn’t connect to server

I installed Opensearch and Opensearch-Dashboard for Debian.

This is my opensearch.yml config:

######## Start OpenSearch Security Demo Configuration ########
# WARNING: revise all the lines below before you go into production /etc/opensearch/node1.pem /etc/opensearch/node1-key.pem /etc/opensearch/root-ca.pem true /etc/opensearch/node1.pem /etc/opensearch/node1-key.pem /etc/opensearch/root-ca.pem true
 - 'CN=XXXXX,O=YYYYY,L=ZZZZZZZ, C=AA' internal_opensearch true true ["all_access", "security_rest_api_access"] false true true [.plugins-ml-config, .plugins-ml-connector,
.plugins-ml-model-group, .plugins-ml-model, .plugins-ml-task, .plugins-ml-conversation-meta,
.plugins-ml-conversation-interactions, .plugins-ml-memory-meta, .plugins-ml-memory-message,
.opendistro-alerting-config, .opendistro-alerting-alert*, .opendistro-anomaly-results*,
.opendistro-anomaly-detector*, .opendistro-anomaly-checkpoints, .opendistro-anomaly-detection-state,
.opendistro-reports-*, .opensearch-notifications-*, .opensearch-notebooks, .opensearch-observability,
.ql-datasources, .opendistro-asynchronous-search-response*, .replication-metadata-store,
.opensearch-knn-models, .geospatial-ip2geo-data*, .plugins-flow-framework-config,
plugins-flow-framework-templates, .plugins-flow-framework-state] node.max_local_storage_nodes: 3
discovery.type: single-node

And this is my opensearch_dashboards.yml config:

server.port: 5601 ""
opensearch.hosts: []
opensearch.ssl.verificationMode: full
opensearch.username: kibanaserver
opensearch.password: kibanaserver
opensearch.requestHeadersWhitelist: [authorization, securitytenant]

opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: [Private, Global]
opensearch_security.readonly_mode.roles: [kibana_read_only] false

server.ssl.enabled: false
server.ssl.certificate: /etc/opensearch/node1.pem
server.ssl.key: /etc/opensearch/node1-key.pem
opensearch.ssl.certificate: /etc/opensearch/admin.pem
opensearch.ssl.key: /etc/opensearch/admin-key.pem
opensearch.ssl.certificateAuthorities: [ "/etc/opensearch/root-ca.pem" ]

I found out that when I write in opensearch_dashboards.yml: “server.ssl.enabled: true”, I cannot reach https://localhost:5601

When I write in opensearch_dashboards.yml: “server.ssl.enabled: false”, I have a message: “Opensearch Dashboards is not ready yet”.

I havent taken a deeper look at your config yet but your


in your opensearch_dashboards.yaml is off, there should be the IP of your host, not - also could you maybe include some logs from dashboards itself

Hi @lokinoo,

According to the docs here: TLS certificates - OpenSearch documentation your certs i.e.: " must be under the config directory".

note: make sure the correct owner and permissions are assigned.