Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
“number” : “2.2.0”
Describe the issue:
get _plugins/_security/api/securityconfig (this works ok)
GET _plugins/_security/api/ssl/certs i get 403 so no permission
what do i add to allow api query certs details
find cert file path config to update new cert
if certs are stored in index any extra steps to load into index
April 3, 2023, 10:39pm
@infodata GET _plugins/_security/api/ssl/certs requires admin certificate.
curl --insecure --cert config/kirk.pem --key config/kirk-key.pem --cacert config/root-ca.pem -XGET https://localhost:9200/_plugins/_security/api/ssl/certs?pretty
In the demo configuration, kirk user is defined in admin_dn of the opensearch.yml
- CN=kirk,OU=client,O=client,L=test, C=de
@pablo thx so this would not work in console
if dashboards https certs are stored in index any extra steps to load from files into index or query them from api their state
April 5, 2023, 12:16pm
@infodata No, it wouldn’t. This is only possible with admin certs and client certificate authentication.
April 5, 2023, 12:17pm
@infodata As far as I’m aware OpenSearch Dashboards’ certificates are stored in the memory. They’re loaded every time when the OpenSearch Dashboards service/container starts.
I have issue where its always showing past cert even after upgrade to new container version and exact similar config on other server does show new certs from local path
EDIT : found there was old cert added on load balancer of aws as this is running on instance behind lb
after load balancer cert was updated it showed new cert