Self-signed admin certificate

A quick question:

Are there any disadvantages or security issues with using a self-signed certificate for the root ca and admin certificates? I’m not currently using SSL so don’t need https support.

Thanks!

@jong Using self-signed certificates won’t brake OpenSearch functionality.
The good practice is using self-signed certificates in dev/test environments and trusted certificates in the production.
Trusted certificates confirm that the accessed service is verified and valid.

It depends what is the security policy in your environment and the kind of data (i.e. personal data) processed by OpenSearch. In regulated environments (i.e. medical manufacturing) trusted certificates would be mandatory.

If you don’t use HTTPS then TLS certificates are not required. However, you’ll still need HTTPS access to the cluster to update the config with securityadmin.sh.

2 Likes