Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
Opensearch version v 2.19.1Running on RHEL 9
Describe the issue:
We are trying to deploy a Machine Learning Model to our cluster but we are receiving the following error:
unable to find valid certification path to requested target
Both Opensearch and Opensearch Dashboards are running on the same server with the same certs.
I put the model zip file on the same host available via a url, again using the same certs and am seeing that error.
Not sure where to go so any help would be appreciated!
Please let me know if there are any relevant files/configs that would help inform the issue.
The SSL error indicates that the OpenSearch JVM can’t trust the certificate chain, often due to the root/intermediate CA not being in the JVM truststore. Check that the full certificate chain is in the cacerts or custom truststore and ensure the model URL uses the correct cert. Also, verify permissions and paths in opensearch.yml for any custom configurations. This is likely a trust path issue, not a bug in OpenSearch.
@sonkaranjali@shorrocka I’ve tested Ollama with HTTPS reverse proxy and self-signed certificates.
The ML plugin doesn’t offer an option to present a self-signed certificate. In this case, the plugin will try to source it from the mentioned by you @sonkaranjali/usr/share/opensearch/jdk/lib/security/cacerts
Adding a model’s self-sign cert to that keystore will allow the ML plugin to communicate with the model using SSL connection.