Self-signed admin certificate

jong · August 5, 2022, 8:37am

A quick question:

Are there any disadvantages or security issues with using a self-signed certificate for the root ca and admin certificates? I’m not currently using SSL so don’t need https support.

Thanks!

pablo · August 5, 2022, 6:39pm

@jong Using self-signed certificates won’t brake OpenSearch functionality.
The good practice is using self-signed certificates in dev/test environments and trusted certificates in the production.
Trusted certificates confirm that the accessed service is verified and valid.

It depends what is the security policy in your environment and the kind of data (i.e. personal data) processed by OpenSearch. In regulated environments (i.e. medical manufacturing) trusted certificates would be mandatory.

If you don’t use HTTPS then TLS certificates are not required. However, you’ll still need HTTPS access to the cluster to update the config with securityadmin.sh.

Topic		Replies	Views
Self-signed certificat : securityadmin.sh returns an error OpenSearch troubleshoot	3	122	March 5, 2024
Admin certificates not working properly? Security	4	583	December 1, 2021
Certificate configuration Error Security troubleshoot , configure	5	1115	June 26, 2023
"Seems you use a node certificate which is also an admin certificate" - Error when running security script Security	1	428	March 6, 2023
Install OpenSearch Behind Nginx Reverse Proxy Security	1	1550	September 24, 2021

Self-signed admin certificate

Related Topics