Hi @all,
I have configured self signed SSl certificates for Opensearch and OpenSearch dashboard.
Here is the config file for opensearch dashboard:
# Copyright OpenSearch Contributors
# SPDX-License-Identifier: Apache-2.0
# Description:
# Default configuration for OpenSearch Dashboards
server.host: '0.0.0.0'
opensearch.hosts: ["https://localhost:9200"]
opensearch.ssl.verificationMode: certificate
opensearch.username: "admin"
opensearch.password: "admin"
opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
server.ssl.enabled: true
server.ssl.certificate: /oss/certs/root-ca.pem
server.ssl.key: /oss/certs/root-ca-key.pem
opensearch.ssl.certificateAuthorities: [ "/oss/certs/root-ca.pem" ]
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
opensearch_security.cookie.secure: true
I tried to start opensearch dashboard, getting this error.
{"type":"log","@timestamp":"2022-03-21T06:35:50Z","tags":["info","plugins-service"],"pid":52871,"message":"Plugin \"visTypeXy\" is disabled."}
{"type":"log","@timestamp":"2022-03-21T06:35:50Z","tags":["info","plugins-system"],"pid":52871,"message":"Setting up [44] plugins: [alertingDashboards,usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,console,apmOss,management,indexPatternManagement,advancedSettings,savedObjects,securityDashboards,reportsDashboards,indexManagementDashboards,anomalyDetectionDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,timeline,visTypeTable,visTypeMarkdown,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,queryWorkbenchDashboards,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,observabilityDashboards,discover,savedObjectsManagement,bfetch]"}
{"type":"log","@timestamp":"2022-03-21T06:35:51Z","tags":["info","savedobjects-service"],"pid":52871,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
{"type":"log","@timestamp":"2022-03-21T06:35:51Z","tags":["error","opensearch","data"],"pid":52871,"message":"[ConnectionError]: unable to verify the first certificate"}
{"type":"log","@timestamp":"2022-03-21T06:35:51Z","tags":["error","savedobjects-service"],"pid":52871,"message":"Unable to retrieve version information from OpenSearch nodes."}
{"type":"log","@timestamp":"2022-03-21T06:35:53Z","tags":["error","opensearch","data"],"pid":52871,"message":"[ConnectionError]: unable to verify the first certificate"}
OpenSearch is also using the same SSL certificate and key file, and it is running fine.