Opensearch Dashboard TLS Error code: SSL_ERROR_RX_RECORD_TOO_LONG

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
opensearchproject/opensearch:latest
opensearchproject/opensearch-dashboards:latest

Describe the issue:
Configured Opensearch Dashboards to use TLS. When navigating to https://0.0.0.0:5601 I’m presented with the following error

"Secure Connection Failed

An error occurred during a connection to 0.0.0.0:5601. SSL received a record that exceeded the maximum permissible length.

Error code: SSL_ERROR_RX_RECORD_TOO_LONG"

Configuration:
Opensearch-dashboards.yml

opensearch.hosts: ["https://localhost:9200"]
opensearch.ssl.verificationMode: certificate
opensearch.username: "kibanaserver"
opensearch.password: "kibanaserver"
opensearch.requestHeadersAllowlist: [ authorization,securitytenant ]
server.ssl.enabled: true
server.ssl.certificate: /usr/share/opensearch-dashboards/config/client1.pem
server.ssl.key: /usr/share/opensearch-dashboards/config/client1-key.pem
opensearch.ssl.certificateAuthorities: [ "/usr/share/opensearch-dashboards/config/root-ca.pem"]
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
opensearch_security.cookie.secure: true

Docker-compose.yml

opensearch-dashboards:
    image: opensearchproject/opensearch-dashboards:latest
    container_name: opensearch-dashboards
    volumes:
      - ./root-ca.pem:/usr/share/opensearch-dashboards/config/root-ca.pem
      - ./client1.pem:/usr/share/opensearch-dashboards/config/client1.pem
      - ./client1-key.pem:/usr/share/opensearch-dashboards/config/client1-key.pem
      - ./opensearch-dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch-dashboards.yml 
    ports:
      - 5601:5601 # Map host port 5601 to container port 5601
    expose:
      - "5601" # Expose port 5601 for web access to OpenSearch Dashboards
    environment:
      - 'OPENSEARCH_HOSTS=["https://opensearch-node1:9200","https://opensearch-node2:9200"]'
      - "DISABLE_SECURITY_DASHBOARDS_PLUGIN=false" # disables security dashboards plugin in OpenSearch Dashboards
    networks:
      - opensearch-net

Relevant Logs or Screenshots:

Still experiencing this issue @pablo any suggestions?

@Elodin … given the file name of the certificate used by OpenSearch Dashboards (client1.pem), it seems like you’re attempting to use a “client certificate” - but OpenSearch Dashboards is not a “client” in this context

Check the Extended Key Usage (EKU) section of your cert - it should include “serverAuth” (instead of “clientAuth”)

Thanks for your response. How can I view this information about the self-signed cert? Is there any specific opensearch documentation for this configuration? Your assumptions are correct in thinking that I followed the “client certificate” documentation for this config.

The error message SSL_ERROR_RX_RECORD_TOO_LONG only occurs in Mozilla Firefox. Even if other browsers could have variations of the issue, you probably won’t encounter it when using them. For instance, it states that the website you are attempting to visit is unavailable “because the authenticity of the received data could not be verified.”

In a nutshell, the SSL certificate’s improper configuration is the most typical issue, which prevents your browser from successfully establishing a connection with the server’s port. Different methods that can be helpful for error solution some are as follows:-

1. Erase the Cache and History for your browser

2. Update Firefox browser

3. Uninstall Extensions

4. Utilize the HTTP Protocol