Issue with Oependistro SSL configuration using Intermediate and Digi certificates

vikasgurlinka · October 20, 2020, 10:24am

Hi,

I am trying to configure open distro security plugin on a three-node cluster using enterprise signed certificates. I have four certificates root.crt, key, intermediate and digital certificates.

How can I configure SSL with Opendistro when I have intermediate and Digi certificates?

I tried providing certificates in an array. it worked with xpack. but, when we are trying same certificates with open distro. nodes are throwing an exception saying unable to read certificates.

Open Distro isn’t accepting an array.

opendistro_security.ssl.transport.pemcert_filepath: [“nsdev-digi.crt”,“nsdev-intermediate.crt”]
opendistro_security.ssl.transport.pemkey_filepath: nsdev.key
opendistro_security.ssl.transport.pemtrustedcas_filepath: root.crt

–
Thanks
Shiva Vikas

sreekanth · October 27, 2020, 2:20pm

opendistro_security.ssl.transport.pemcert_filepath - This should point to a pem file that contains the root, intermediate and actual cert. A simple google should give you the steps on how to concatenate all the three files into a pem.

vikasgurlinka · October 30, 2020, 8:05am

@sreekanth thanks for your reply. it worked after we merge the certificates.

Topic		Replies	Views
SSL Woes with OpenDistro on Docker Security	6	1010	May 31, 2021
Error while using Lets Encrypt Certificate Security	3	1474	March 16, 2021
General security questions about Open Distro Security	1	2060	April 26, 2022
Nodes_dn configuration Open Source Elasticsearch and Kibana	3	3692	August 16, 2019
SSL cert hot reload (for PEM files) - v 1.6.0 Security	1	1349	May 6, 2020

Issue with Oependistro SSL configuration using Intermediate and Digi certificates

Related Topics