How to avoid certificate's altnames opensearch dashboards

I have three nodes, opensearch master, opensearch data and opensearch dasboard.
I configured certificates for each node the same way, CN=${HOSTNAME}, but it doesn’t work with dashboards.

"message":"[ConnectionError]: Hostname/IP does not match certificate's altnames: IP: is not in the cert's list: "}

I have disabled transport hostname verification on all nodes false

There is distinguished names

How can I fix it? Thank you.

@mamol27 According to this the cluster forms between master and data, but only the dashboard is having issues, can you confirm?

If so, transport.enforce_hostname_verification: false has nothing to do with dashboards as it doesn’t use the transport layer.

Can you share your opensearch-dashboards.yaml file?
Ensure you have the below line if you wish to disable the ssl verification:
elasticsearch.ssl.verificationMode: none

Yes, connection between master and data works fine, with certificates did by this instruction Generate certificates - OpenSearch documentation

sa5uts-opm-1:~ # curl -XGET -u 'admin:admin' --insecure
ip            heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name           26          68   1    0.01    0.03     0.00 dir       -      sa5uts-opd-1           25          47   2    0.02    0.03     0.03 mr        *      sa5uts-opm-1

I want to use SSL verification but, I don’t want to have issues with [alt_names]. Or instruction without configuring /etc/ssl/openssl.cnf (or other file) for making each certificate.


opensearch.hosts: ["", ""]
opensearch.ssl.verificationMode: full
opensearch.username: "kibanaserver"
opensearch.password: "kibanaserver"
opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
server.ssl.enabled: true
server.ssl.certificate: /opt/opensearch-dashboards/config/sa5uts-opk-1.pem
server.ssl.key: /opt/opensearch-dashboards/config/sa5uts-opk-1-key.pem
opensearch.ssl.certificateAuthorities: [ "/opt/opensearch-dashboards/config/root-ca.pem"]
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
opensearch_security.readonly_mode.roles: ["kibana_read_only"] true

@Anthony Thank you. I’ve found setting

opensearch.ssl.verificationMode: certificate

It works.