Hi,
As I wrote before:
when
plugins.security.ssl.http.enabled: false - there is no error and I can successfully connect;
when
plugins.security.ssl.http.enabled: true - the error pops up.
# ======================== OpenSearch Configuration =========================
#
# NOTE: OpenSearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.opensearch.org
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
# Every node that should join the same cluster must use the same cluster.name.
#
cluster.name: opensearch-mycluster-name
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
# The entries of cluster.initial_cluster_manager_nodes are matched against
# node.name, so this value has to appear there exactly as written here.
#
node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
# NOTE(review): this directory holds all index data; keep it owned by the
# account that runs OpenSearch and not readable by other local users.
#
path.data: /mydata/opensearch
#
# Path to log files:
#
#path.logs: /path/to/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# OpenSearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
# NOTE(review): host_IP_here is a redacted placeholder. Binding to a
# non-loopback address makes the REST API reachable from the network, so
# plugins.security.ssl.http.enabled should stay true; with it set to false,
# credentials and data cross the network in clear text.
#
network.host: host_IP_here
#
# Set a custom port for HTTP:
# When HTTP TLS is enabled this port speaks TLS only; clients must connect
# with https:// rather than http://.
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
# Discovery traffic to these hosts uses the transport layer, which is
# protected by the plugins.security.ssl.transport.* settings in this file.
#
discovery.seed_hosts: ["hotsname_dns1", "hotsname_dns2", "hotsname_dns3"]
#
# Bootstrap the cluster using an initial set of cluster-manager-eligible nodes:
# This list is only used the first time a brand-new cluster forms.
# NOTE(review): three seed hosts are listed above but only "node-1" is named
# here. If the other hosts are cluster-manager-eligible, the same list of
# node names should be set on every one of them, otherwise each node may
# bootstrap a cluster of its own. Confirm against the other nodes' files.
#
cluster.initial_cluster_manager_nodes: ["node-1"]
#cluster.initial_cluster_manager_nodes: ["node-1", "node-2"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
# NOTE(review): leave the next line commented out. Setting
# plugins.security.disabled to true switches the security plugin off for this
# node, which removes its authentication, authorization and TLS handling.
#plugins.security.disabled: true
#http.max_content_length
# Upper limit on aggregation buckets a single search response may hold;
# a high limit lets one request consume more heap.
search.max_buckets: 100000
# Filesystem locations that may be registered as snapshot repositories.
# NOTE(review): snapshots contain index data; restrict access to this
# directory in the same way as path.data.
path.repo: ["/myapp/snap"]
######## Start OpenSearch Security Demo Configuration ########
# WARNING: revise all the lines below before you go into production
#
# Transport layer (node-to-node) TLS, configured from PEM files.
# Relative paths are resolved against the OpenSearch config directory.
#cert Transport
plugins.security.ssl.transport.pemcert_filepath: SSL/Transport/node1.pem
plugins.security.ssl.transport.pemkey_filepath: SSL/Transport/node1-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: SSL/Transport/root-ca.pem
# NOTE(review): hostname verification is switched off, so a node certificate
# is accepted regardless of which host presents it. Apart from chaining to
# root-ca.pem, plugins.security.nodes_dn is then the remaining check on which
# certificates may join. Prefer true once the certificates carry SANs that
# match the node hostnames.
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false
# REST layer TLS. With this set to true, port 9200 accepts TLS connections
# only: every client has to use https:// and must trust the CA that issued
# the certificate in the keystore below.
plugins.security.ssl.http.enabled: true
# REST layer certificate and key, loaded from a PKCS12 file.
#cert Mycerts
plugins.security.ssl.http.keystore_type: PKCS12
plugins.security.ssl.http.keystore_filepath: SSL/mycerts/opens-keystore.pfx
# NOTE(review): PASS_WORD is a redacted placeholder. A real password written
# here is stored in plain text: restrict read access to this file to the
# OpenSearch service account, and move the password into the OpenSearch
# keystore (secure settings) if the installed plugin version supports it.
plugins.security.ssl.http.keystore_password: PASS_WORD
# NOTE(review): the truststore points at the same .pfx as the keystore. A
# truststore normally holds only the CA certificates used to validate peers.
# Confirm that this file really contains the issuing CA chain, and consider a
# separate truststore that does not include the private key.
plugins.security.ssl.http.truststore_type: PKCS12
plugins.security.ssl.http.truststore_filepath: SSL/mycerts/opens-keystore.pfx
plugins.security.ssl.http.truststore_password: PASS_WORD
# NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996) and recent JDKs
# disable them by default. Unless a legacy client requires them, keep only
# "TLSv1.2" (plus "TLSv1.3" where the JDK supports it).
plugins.security.ssl.http.enabled_protocols:
- "TLSv1.2"
- "TLSv1.1"
- "TLSv1"
# Distinguished names of certificates that are treated as cluster nodes.
# NOTE(review): the first and third entries are identical (hotsname_dns1) and
# there is no entry for hotsname_dns3, although discovery.seed_hosts lists
# it. If the third node's certificate uses CN=hotsname_dns3, its transport
# requests will not be recognised as coming from a node. Verify against the
# actual certificate subjects.
plugins.security.nodes_dn:
- 'CN=hotsname_dns1,OU=TS,O=myORG,L=city,ST=dist,C=XX'
- 'CN=hotsname_dns2,OU=TS,O=myORG,L=city,ST=dist,C=XX'
- 'CN=hotsname_dns1,OU=TS,O=myORG,L=city,ST=dist,C=XX'
# NOTE(review): true allows the node to start with the publicly known demo
# certificates. The paths above appear to reference your own certificates, so
# set this to false to make sure the demo certificates can never be used.
plugins.security.allow_unsafe_democertificates: true
# true initialises the security index from the files in the security config
# directory when the index does not exist yet.
# NOTE(review): make sure no default credentials remain in those files
# (for example internal_users.yml) before the first start.
plugins.security.allow_default_init_securityindex: true
# Certificates with these DNs get full administrative access to the security
# configuration. Protect the matching private key accordingly; this DN must
# not be shared with a node certificate.
plugins.security.authcz.admin_dn:
- CN=mycn,OU=myou,O=myORG,L=city,ST=dist,C=XX
# NOTE(review): "debug" prints audit events to standard output, which suits
# troubleshooting only. For production, send them to a retained sink such as
# internal_opensearch or an external store.
plugins.security.audit.type: debug
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.check_snapshot_restore_write_privileges: true
# Roles allowed to call the security REST API.
plugins.security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
# Protects the listed plugin indices from direct access by regular users.
plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".plugins-ml-model", ".plugins-ml-task", ".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opensearch-notifications-*", ".opensearch-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
#node.max_local_storage_nodes: 3
# NOTE(review): OpenSearch classes live under org.opensearch, so a logger
# named org.elasticsearch.* probably matches nothing. Confirm the intended
# logger name. Debug logging can also write document content to the logs.
logger.org.elasticsearch.index.reindex: debug
#plugins.security.kerberos.krb5_filepath: '/etc/krb5.conf'
#plugins.security.kerberos.acceptor_keytab_filepath: 'eskeytab.tab'
######## End OpenSearch Security Demo Configuration ########