Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
Opensearch- v2.7.0
Opensearch operator- v2.7.0
Describe the issue:
I want to disable TLS as my opensearch deployment is internal and I don’t need security for it. How can I proceed with that? I can’t find anything in the docs related to disabling the TLS.
Unfortunately, you can’t disable TLS setting for transport layer between nodes. Actually, it’s because the principle of security in OpenSearch is stronger than Elasticsearch. There are pros and cons somehow.
I’m wondering why you want to make the cluster not to be encrypted using TLS.
My Opensearch cluster would be internal (basically an internal API would call it) and won’t be accessible outside, I think it is unnecessary to use TLS for Opensearch in that case. Moreover, it is more work to handle.
Is it possible to disable TLS for the client to opensearch node?
1 Like
As opposed to a security policy of Elasticsearch, client including brower, bash or process(java, python, etc) should use https. I agree with your opinion that it’s a burden to manage CA certificates, but there’s no way to make Transport layer not to use TLS. I just recommend you using cert-manager for configuring secrets of certificates(admin-cert, transport-cert, and http-cert if you need).
ref: Securityadmin error when initializing the cluster - #2 by yeonghyeonKo
@sudddddd Have you tried to generate self-signed CA and it’s certificates using cert-manager?