Fails on SSL when using REST API on Getting Started local docker compose cluster

Hi all,

I was following the getting started guide, in, and it works when using OpenSearch Dashboards, but when I try to use it’s REST API I’m getting SSL errors:

$ curl -XGET https://localhost:9200/_cluster/settings
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here:

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

In the logs I have:

opensearch-node1       | [2022-01-19T10:39:57,736][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [opensearch-node1] Exception during establishing a SSL connection: Received fatal alert: unknown_ca
opensearch-node1       | Received fatal alert: unknown_ca
opensearch-node1       | 	at ~[?:?]
opensearch-node1       | 	at ~[?:?]
opensearch-node1       | 	at ~[?:?]
opensearch-node1       | 	at$AlertConsumer.consume( ~[?:?]

I tried editing docker-compose.yml and added:


but it didn’t help.

Once I solve this it can be used as reference here, but anyone who can hint me at the right direction is much appreciated :pray:

The solution I found was to turn off the Security Plugin which contains the SSL functionality.
You do this by inserting the following line to both data-node service definitions, under environment:


Also you need to change Dashboards configuration to access OpenSearch without httpS, by modifying the line and replacing https with http:

      OPENSEARCH_HOSTS: '["http://opensearch-node1:9200","http://opensearch-node2:9200"]'

So, an even simpler solution. Leave Docker Compose file as is, but tune cURL arguments:

curl -XGET https://localhost:9200/_cluster/settings --insecure -u admin:admin
  1. `–insecure`` remove certificate validations
  2. -u admin:admin provides the required credentials since Security Plugin is protecting endpoints using basic authentication
1 Like