Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
opensearch 2.7.0
Describe the issue:
According this document -Generating self-signed certificates - OpenSearch documentation, I think every node needs each cert.
there are 8 nodes-manager 3, coordinating 1, data 4 on my env
so, do I need ALL node’s cert? or only Manager’s node??
Hey @cucukaka
Depend how your settingup this environment then yes.
plugins.security.nodes_dn:
- 'CN=node1.dns.a-record,OU=UNIT,O=ORG,L=TORONTO,ST=ONTARIO,C=CA'
- 'CN=node2.dns.a-record,OU=UNIT,O=ORG,L=TORONTO,ST=ONTARIO,C=CA'
Certificates are used to secure transport-layer traffic (node-to-node communication within your cluster)
The documentation also states the node certificates are Optional found here
@cucukaka You can also consider using OID for node certificates.
Please be aware that plugins.security.nodes_dn accepts regular expressions.