@Paladox If the admin cert and node cert has a different root CA then you can bind both CA’s in one pem certificate and use it with plugins.security.ssl.http.pemtrustedcas_filepath option in opensearch.yml.
The root PEM file should look like the one below.
-----BEGIN CERTIFICATE-----
<admin Root CA certificate>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<node Root CA certificate >
-----END CERTIFICATE-----