Issue with Oependistro SSL configuration using Intermediate and Digi certificates

vikasgurlinka · October 20, 2020, 10:24am

Hi,

I am trying to configure open distro security plugin on a three-node cluster using enterprise signed certificates. I have four certificates root.crt, key, intermediate and digital certificates.

How can I configure SSL with Opendistro when I have intermediate and Digi certificates?

I tried providing certificates in an array. it worked with xpack. but, when we are trying same certificates with open distro. nodes are throwing an exception saying unable to read certificates.

Open Distro isn’t accepting an array.

opendistro_security.ssl.transport.pemcert_filepath: [“nsdev-digi.crt”,“nsdev-intermediate.crt”]
opendistro_security.ssl.transport.pemkey_filepath: nsdev.key
opendistro_security.ssl.transport.pemtrustedcas_filepath: root.crt

–
Thanks
Shiva Vikas

sreekanth · October 27, 2020, 2:20pm

opendistro_security.ssl.transport.pemcert_filepath - This should point to a pem file that contains the root, intermediate and actual cert. A simple google should give you the steps on how to concatenate all the three files into a pem.

vikasgurlinka · October 30, 2020, 8:05am

@sreekanth thanks for your reply. it worked after we merge the certificates.

Topic		Replies	Views
SSL Woes with OpenDistro on Docker Security	6	1065	May 31, 2021
Error while using Lets Encrypt Certificate Security	3	1570	March 16, 2021
General security questions about Open Distro Security	1	2109	April 26, 2022
Nodes_dn configuration Open Source Elasticsearch and Kibana	3	3874	August 16, 2019
Replace Demo certificates Security	6	1094	October 4, 2024

Issue with Oependistro SSL configuration using Intermediate and Digi certificates

Related topics