Replace Demo certificates

hi bros,
I’m stuck with replacing demo certificates.
I’ve tried to use environment variables in docker-compose, but I didn’t work, it will generate demo anyway.
- opendistro_security.ssl.transport.pemcert_filepath=node.pem
- opendistro_security.ssl.transport.pemkey_filepath=node-key.pem
- opendistro_security.ssl.transport.pemtrustedcas_filepath=root-ca.pem
- opendistro_security.ssl.transport.enforce_hostname_verification=false

I just want to use custom transport certificates, but forced to replaced also admins cert.

Please share your elasticsearch config files, cuz official documentation is really confused.
Thanks in advance.

solve it by changing
opendistro_security.allow_unsafe_democertificates: to true

How do we configure custom certs, not demo certs?
The above question wants to replace the demo certs and use custom certs. How do we do this?

Hi @virasana, have you check Generating self-signed certificates - OpenSearch Documentation

(then replace demo certs with the newly generated self-signed certificates).

Best,
mj

Hi @Mantas
Thanks. Yes indeed I have checked the link you provide.

Unfortunately, I just find the errors I mentioned.

As far as I am aware, we need an RID for a single node cert This is not covered in any of the docs I have seen, unless I am mistaken.

@virasana, would you mind sharing the error?

thanks,
mj

Hi Mantas,
Thanks for your reply. The errors are in my original post. Transport Error.