@slynch - the paranoid part of me would want to verify that the certs and keys are in good shape …
openssl verify -verbose -CAfile <CA cert> <node cert>
… and of course to see what is in the certs:
openssl x509 -text -noout -in <cert file>
One thing that makes me wonder is the fact that it doesn’t seem to recognize that you provided a cert at all … maybe check the permissions on the cert/key files to make sure your opensearch process can read it (something that we stumbled across since we are running everything as user ‘opensearch’)
@feng - Agreed that the simplest way is to run the opensearch-tar-install.sh script with NO CERTS in the opensearch.yml file … let it create and initialize everything in the demo configuration … then replace the demo certs in the config file with your certs and restart. That makes sure you have the full configuration included.
I will be working on a better script, though, since I will have to use the tarball when we move to production (despite the discussion in another topic – I will not be able to use the RPM distribution when it is available).