Opensearch Dashboard TLS Error code: SSL_ERROR_RX_RECORD_TOO_LONG

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
opensearchproject/opensearch:latest
opensearchproject/opensearch-dashboards:latest

Describe the issue:
Configured Opensearch Dashboards to use TLS. When navigating to https://0.0.0.0:5601 I’m presented with the following error

"Secure Connection Failed

An error occurred during a connection to 0.0.0.0:5601. SSL received a record that exceeded the maximum permissible length.

Error code: SSL_ERROR_RX_RECORD_TOO_LONG"

Configuration:
Opensearch-dashboards.yml

opensearch.hosts: ["https://localhost:9200"]
opensearch.ssl.verificationMode: certificate
opensearch.username: "kibanaserver"
opensearch.password: "kibanaserver"
opensearch.requestHeadersAllowlist: [ authorization,securitytenant ]
server.ssl.enabled: true
server.ssl.certificate: /usr/share/opensearch-dashboards/config/client1.pem
server.ssl.key: /usr/share/opensearch-dashboards/config/client1-key.pem
opensearch.ssl.certificateAuthorities: [ "/usr/share/opensearch-dashboards/config/root-ca.pem"]
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
opensearch_security.cookie.secure: true

Docker-compose.yml

opensearch-dashboards:
    image: opensearchproject/opensearch-dashboards:latest
    container_name: opensearch-dashboards
    volumes:
      - ./root-ca.pem:/usr/share/opensearch-dashboards/config/root-ca.pem
      - ./client1.pem:/usr/share/opensearch-dashboards/config/client1.pem
      - ./client1-key.pem:/usr/share/opensearch-dashboards/config/client1-key.pem
      - ./opensearch-dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch-dashboards.yml 
    ports:
      - 5601:5601 # Map host port 5601 to container port 5601
    expose:
      - "5601" # Expose port 5601 for web access to OpenSearch Dashboards
    environment:
      - 'OPENSEARCH_HOSTS=["https://opensearch-node1:9200","https://opensearch-node2:9200"]'
      - "DISABLE_SECURITY_DASHBOARDS_PLUGIN=false" # disables security dashboards plugin in OpenSearch Dashboards
    networks:
      - opensearch-net

Relevant Logs or Screenshots:

Still experiencing this issue @pablo any suggestions?

@Elodin … given the file name of the certificate used by OpenSearch Dashboards (client1.pem), it seems like you’re attempting to use a “client certificate” - but OpenSearch Dashboards is not a “client” in this context

Check the Extended Key Usage (EKU) section of your cert - it should include “serverAuth” (instead of “clientAuth”)

Thanks for your response. How can I view this information about the self-signed cert? Is there any specific opensearch documentation for this configuration? Your assumptions are correct in thinking that I followed the “client certificate” documentation for this config.