Please advise how I can connect to a Keycloak server which uses a self-signed certificate. Thank you.
Details about my configuration:
OpenSearch Server 1.2.4
OpenSearch Dashboards 1.2.0
Config to authenticate with Keycloak.
In my config.yml
_meta:
  type: "config"
  config_version: 2
config:
  dynamic:
    http:
      anonymous_auth_enabled: false
      xff:
        enabled: false
        internalProxies: '192\.168\.0\.10|192\.168\.0\.11' # regex pattern
    authc:
      basic_internal_auth_domain:
        description: "Authenticate via HTTP Basic against internal users database"
        http_enabled: true
        transport_enabled: true
        order: 1
        http_authenticator:
          type: basic
          challenge: true
        authentication_backend:
          type: intern
      openid_auth_domain:
        http_enabled: true
        transport_enabled: true
        order: 0
        http_authenticator:
          type: openid
          challenge: false
          config:
            openid_connect_url: https://192.168.10.25/auth/realms/guru/.well-known/openid-configuration
            openid_connect_idp.pemtrustedcas_filepath: /usr/share/opensearch/config/cert-gr-team-local.cer
            openid_connect_idp.enable_ssl: true
            subject_key: preferred_username
            roles_key: roles
        authentication_backend:
          type: noop
    authz:
      roles_from_myldap:
        description: "Authorize via LDAP or Active Directory"
        http_enabled: false
        transport_enabled: false
        authorization_backend:
          type: ldap
In my opensearch_dashboards.yml
server.host: "192.168.10.40"
opensearch.hosts: ["http://localhost:9200"]
opensearch.ssl.verificationMode: none
opensearch.username: "kibanaserver"
opensearch.password: "kibanaserver"
opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
# Use this setting if you are running opensearch-dashboards without https
opensearch_security.cookie.secure: false
# Enable OpenID authentication
opensearch_security.auth.type: "openid"
# The IdP metadata endpoint
opensearch_security.openid.connect_url: "https://192.168.10.25/auth/realms/guru/.well-known/openid-configuration"
opensearch_security.openid.root_ca: "/usr/share/opensearch-dashboards/config/cert-gr-team-local.cer"
opensearch_security.openid.verify_hostnames: false
# The ID of the OpenID Connect client in your IdP
opensearch_security.openid.client_id: "opensearch-client"
# The client secret of the OpenID Connect client
opensearch_security.openid.client_secret: "e2adde37-ef44-4167-af37-c740c2034dd5"
When I run OpenSearch via the docker-compose command, it shows an error log like this.