Transport client authentication no longer supported issue

Versions OpenSearch 2.11 (it is not a demo installation)

Describe the issue: Trying to start up openSearch and so receiving this error message:

[2024-07-11T03:39:16,718][WARN ][o.o.d.HandshakingTransportAddressConnector] [i1] handshake failed for [connectToRemoteMasterNode[10.0.1.7:9300]]
org.opensearch.transport.RemoteTransportException: [edge-master][10.0.1.7:9300][internal:transport/handshake]
Caused by: org.opensearch.OpenSearchException: Transport client authentication no longer supported.
at org.opensearch.security.ssl.util.ExceptionUtils.createTransportClientNoLongerSupportedException(ExceptionUtils.java:63) ~[?:?]

Configuration:

> node.name: "ed-master"
> 
> network.host: "10.0.1.7"
> 
> http.port: 9200
> transport.host: "0.0.0.0"
> transport.tcp.port: 9300
> bootstrap.memory_lock: true
> 
> discovery.seed_hosts: ["ed-master","i1"]
> 
> node.roles: [master]
> 
> plugins.security.allow_default_init_securityindex: true
> plugins.security.audit.type: internal_opensearch
> plugins.security.enable_snapshot_restore_privilege: true
> plugins.security.check_snapshot_restore_write_privileges: true
> plugins.security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
> 
> plugins.security.allow_unsafe_democertificates: true
> plugins.security.ssl.transport.pemcert_filepath: fullchain.pem
> plugins.security.ssl.transport.pemkey_filepath: privkey-pkcs8.pem
> plugins.security.ssl.transport.pemtrustedcas_filepath: isrgrootx1.pem
> plugins.security.ssl.transport.enforce_hostname_verification: false
> plugins.security.ssl.transport.resolve_hostname: false
> plugins.security.ssl.http.enabled: true
> plugins.security.ssl.http.pemcert_filepath: fullchain.pem
> plugins.security.ssl.http.pemkey_filepath: privkey-pkcs8.pem
> plugins.security.ssl.http.pemtrustedcas_filepath: isrgrootx1.pem
> plugins.security.nodes_dn:
> - CN=ed-master.ed.com,OU=Ops,O=ed.com, Inc.,DC=ed.com
> - CN=i1.ed.com,OU=Ops,O=ed.com, Inc.,DC=ed.com
> 
> plugins.security.authcz.admin_dn:
> - CN=*.ed.com,

Any help in how can I fix it? I read some related tickets, but i could not figure out my mistake.

Regards

@Gustavo The error message is not very descriptive. This means that you’re trying to connect a node that is not defined in the plugins.security.nodes_dn.

Try this instead. You need to escape an extra comma sign.

plugins.security.nodes_dn:
 - CN=ed-master.ed.com,OU=Ops,O=ed.com\, Inc.,DC=ed.com
 - CN=i1.ed.com,OU=Ops,O=ed.com\, Inc.,DC=ed.com
1 Like