Configure opensearch for client certificate authentication

shaun.monera · February 11, 2025, 7:42pm

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
Version 2.18

Describe the issue:
I’m running my opensearch behind a gateway that handles authentication and passes the user’s certificate in the header. I saw that i can enable client certificate authentication by adding plugins.security.ssl.http.clientauth_mode: OPTIONAL in the opensearch.yml. However, I don’t know where to add the clientcert_auth_domain settings. Documentation states to put it in the clientcert_auth_domain section of config.yml but I don’t where this file is

Configuration:

Relevant Logs or Screenshots:

Mantas · February 12, 2025, 9:44am

Hi @shaun.monera,

it will be under…/opensearch/config/opensearch-security/config.yml.

i.e:
/usr/share/opensearch/config/opensearch-security/config.yml

When updating setting under config.yml make sure to use securityadmin.sh to apply them to your cluster, more here: Applying changes to configuration files - OpenSearch Documentation

Best,
mj

Topic		Replies	Views
OpenSearch Keeps prompting for client authentication! Security	1	25	November 11, 2024
How can i authenticate my Opensearch users with client certificate Security	5	2127	October 19, 2021
Not able to setup client authentication with certificates Security	6	49	January 31, 2025
How to login with authentication? Security	1	262	July 10, 2023
Client cert auth Security troubleshoot	6	946	May 26, 2023

Configure opensearch for client certificate authentication

Related topics