Can't get _plugins/_security/api/nodesdn

When I try to call GET _plugins/_security/api/nodesdn, I get an error:
{ "status" : "FORBIDDEN", "message" : "API allowed only for admin." }
My opensearch.yml: /usr/share/opensearch/config/node.pem /usr/share/opensearch/config/node-key.pem /usr/share/opensearch/config/root-ca-new.pem false true /usr/share/opensearch/config/node.pem /usr/share/opensearch/config/node-key.pem /usr/share/opensearch/config/root-ca-new.pem true
  - 'CN=node*,OU=UNIT,O=ORG,L=TORONTO,ST=ONTARIO,C=CA' internal_opensearch true true ["all_access", "security_rest_api_access"]
cluster.routing.allocation.disk.threshold_enabled: false
opendistro_security.audit.config.disabled_rest_categories: NONE true
opendistro_security.audit.config.disabled_transport_categories: NONE


What version of opensearch are you running? The message would indicate that you need to use admin certificate to call this API.

Latest version. Login with admin:admin. How to loging with admin certificate?

The admin certificate is the one configured in opensearch.yaml

You should be able to run curl like below:

curl --insecure -XGET “https://localhost:9200/_plugins/_security/api/nodesdn” --cert /usr/share/opensearch/config/kirk.pem --key /usr/share/opensearch/config/kirk-key.pem
(kirk.pem and kirk-key.pem being the admin certificates in this case)

But how can i do this with REST API?

@Melok I don’t follow your question. This is indeed a REST API call using curl command I provided.
If you are asking how can you run it from Opensearch Dashboards dev tools, I don’t think you can, because you need to provide the admin certificate.

1 Like

Yes, I wanted to run from DevTools. Thanks for your answer.