Issue with hot-reloading certificates on Windows

**On behalf of a user of Slack **

"I have installed OpenSearch v2.8.0 on Windows and was successfully able to use securityadmin.bat and my admin cert/key to configure my internal users. I needed a way to hot-reload the certificates which apparently can only be done using REST and auth with admin cert:

  • PowerShell’s Invoke-WebRequest and a PFX generated from the admin PEMs didn’t work.
  • Windows’ curl.exe seems to be incapable to doing cert auth and didn’t work.
  • curl for Windows also didn’t work with alert certificate unknown.


  1. Is there any way to authenticate with admin certs on Windows?
  2. Is there any other way to hot-reload the certs, perhaps using securityadmin.bat or even a periodical auto-reload like ES has?"

Hi Miki,

Do you have set to true in your opensearch.yml ? true

Could you please confirm if the certificates were issued by the same issuer and subject DN and SAN (as per API - OpenSearch documentation)?

Moreover, please provide me with the curl command you are using.


There is also an issue on GitHub that proposes a work around so the admin cert isn’t needed.