SSL integration for OpenSearch dashboard

ChandanHaldar · March 21, 2022, 6:48am

Hi @all,
I have configured self signed SSl certificates for Opensearch and OpenSearch dashboard.
Here is the config file for opensearch dashboard:

# Copyright OpenSearch Contributors
# SPDX-License-Identifier: Apache-2.0


# Description:
# Default configuration for OpenSearch Dashboards

server.host: '0.0.0.0'
opensearch.hosts: ["https://localhost:9200"]
opensearch.ssl.verificationMode: certificate
opensearch.username: "admin"
opensearch.password: "admin"
opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]

server.ssl.enabled: true
server.ssl.certificate: /oss/certs/root-ca.pem
server.ssl.key: /oss/certs/root-ca-key.pem
opensearch.ssl.certificateAuthorities: [ "/oss/certs/root-ca.pem" ]
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
opensearch_security.cookie.secure: true

I tried to start opensearch dashboard, getting this error.

{"type":"log","@timestamp":"2022-03-21T06:35:50Z","tags":["info","plugins-service"],"pid":52871,"message":"Plugin \"visTypeXy\" is disabled."}
{"type":"log","@timestamp":"2022-03-21T06:35:50Z","tags":["info","plugins-system"],"pid":52871,"message":"Setting up [44] plugins: [alertingDashboards,usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,console,apmOss,management,indexPatternManagement,advancedSettings,savedObjects,securityDashboards,reportsDashboards,indexManagementDashboards,anomalyDetectionDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,timeline,visTypeTable,visTypeMarkdown,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,queryWorkbenchDashboards,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,observabilityDashboards,discover,savedObjectsManagement,bfetch]"}
{"type":"log","@timestamp":"2022-03-21T06:35:51Z","tags":["info","savedobjects-service"],"pid":52871,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
{"type":"log","@timestamp":"2022-03-21T06:35:51Z","tags":["error","opensearch","data"],"pid":52871,"message":"[ConnectionError]: unable to verify the first certificate"}
{"type":"log","@timestamp":"2022-03-21T06:35:51Z","tags":["error","savedobjects-service"],"pid":52871,"message":"Unable to retrieve version information from OpenSearch nodes."}
{"type":"log","@timestamp":"2022-03-21T06:35:53Z","tags":["error","opensearch","data"],"pid":52871,"message":"[ConnectionError]: unable to verify the first certificate"}

OpenSearch is also using the same SSL certificate and key file, and it is running fine.

pablo · March 21, 2022, 12:56pm

@ChandanHaldar Your OpenSearch Dashboards connects to OpenSearch using localhost as the hostname. Verify that target OpenSearch has localhost in CN or SAN in its certificate and is signed by root-ca.pem certificate defined in opensearch.ssl.certificateAuthorities.

Topic		Replies	Views
Issue with OpenSearch dashboard TLS Configuration Security troubleshoot	14	2021	June 1, 2023
An Error Is Reported When opensearch-dashboards Is Connected to the OpenSearch Cluster OpenSearch Dashboards install	2	159	June 6, 2024
Issue with OpenSearch dashboard with ssl certificate Security troubleshoot	9	4636	August 23, 2023
Error self-signed certificate Security troubleshoot	9	296	July 11, 2024
How can i authenticate my Opensearch users with client certificate Security	5	2007	October 19, 2021

SSL integration for OpenSearch dashboard

Related Topics