Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
“number” : “2.2.0”
docker compose
Describe the issue:
get _plugins/_security/api/securityconfig (this works ok)
GET _plugins/_security/api/ssl/certs i get 403 so no permission
what do i add to allow api query certs details
find cert file path config to update new cert
if certs are stored in index any extra steps to load into index
Configuration:
@infodata GET _plugins/_security/api/ssl/certs requires admin certificate.
i.e.
curl --insecure --cert config/kirk.pem --key config/kirk-key.pem --cacert config/root-ca.pem -XGET https://localhost:9200/_plugins/_security/api/ssl/certs?pretty
In the demo configuration, kirk user is defined in admin_dn of the opensearch.yml
plugins.security.authcz.admin_dn:
- CN=kirk,OU=client,O=client,L=test, C=de
@pablo
if dashboards https certs are stored in index any extra steps to load from files into index or query them from api their state
@infodata No, it wouldn’t. This is only possible with admin certs and client certificate authentication.
@infodata As far as I’m aware OpenSearch Dashboards’ certificates are stored in the memory. They’re loaded every time when the OpenSearch Dashboards service/container starts.
I have issue where its always showing past cert even after upgrade to new container version and exact similar config on other server does show new certs from local path
EDIT : found there was old cert added on load balancer of aws as this is running on instance behind lb
after load balancer cert was updated it showed new cert