Versions (relevant - OpenSearch/Dashboard/Server OS/Browser): 2.8.0
Describe the issue:
Hi Guys, Recently a company has been merged into ours and they are sending test logs into opensearch cluster from their logstash server ( this is all performed in test env )
We wanted to have a secure communication between logstash and opensearch since it has come through internet ( cross AWS account configuration ).
in the testing environment we are using demo certificates ( generated by security admin script ) for both ssl.http and ssl.transport communication.
ssl http which is the configuration to communicate cluster from client end.
One of the article said I can copy the certificate from the node ( which I will be sending logs ) and upload it into the logstash server and specify the configuration and path in output configuration.
But that did not work, resulting in below Error message
Certificate for doesn’t match any of the subject alternative names: [node-0…com, localhost, 127.0.0.1]
Configuration:
Logstash output config
output {
opensearch {
hosts => [ “https://” ]
http_compression => true
ssl => true
cacert => “/path/to/demoroot-ca.pem”
username=> "username "
password => "password "
index => “test-index-%{+YYYY.MM.dd}”
}
}
Can you please let me know is this correct way to do it
some of the documentation said SAN are configured while generating certificates
I’m afraid if I generate a new certificate and have it cinfigured in one of the nodes this will mess up the cluster formation.
Can you please help me on this.
Thank you