Trying set-up a 3 node opensearch cluster. But getting SSL handshake rejection related issue

Security
1

This issue was created in the OpenSearch Security Slack channel.

Slack

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):

Describe the issue:

1. I have installed OpenSearch in 3 nodes with same cluster name and 9200 , 9300 ports are open and reachable from all nodes.

  1. I have created admin/root/node certificates for each node using openssl i,e root-ca.pem, admin-client.pem , admin-client-key.pem and configured in opensearch.yml file
  2. verified the plugins.security.nodes_dn and plugins.security.authcz.admin_dn values which are matching to the content in .pem keys
plugins.security.nodes_dn:
  - "CN=opensearch-*,OU=Node,O=OpenSearch Test,L=Test,ST=Test,C=US"
plugins.security.authcz.admin_dn:
  - "CN=admin-client,OU=Admin,O=OpenSearch Test,L=Test,ST=Test,C=US"

# openssl x509 -in /etc/opensearch/certs/admin-client.pem -noout -subject -nameopt RFC2253 | sed 's/subject=//'
CN=admin-client,OU=Admin,O=OpenSearch POC,L=Test,ST=Test,C=US

But when I start the opensearch and run the securityadmin.sh script , its throwing SSL handshake rejection error

# /usr/share/opensearch/plugins/opensearch-security/tools/securityadmin.sh   -cd /etc/opensearch/opensearch-security/   -icl -nhnv   -cacert /etc/opensearch/certs/root-ca.pem   -cert /etc/opensearch/certs/admin-client.pem   -key /etc/opensearch/certs/admin-client-key.pem   -p 9300 
Security Admin v7
Will connect to localhost:9300 ... done
ERR: An unexpected ConnectionClosedException occured: Connection is closed
Trace:
org.apache.hc.core5.http.ConnectionClosedException: Connection is closed
        at org.opensearch.client.RestClient.extractAndWrapCause(RestClient.java:1331)
        at org.opensearch.client.RestClient.performRequest(RestClient.java:371)
        at org.opensearch.client.RestClient.performRequest(RestClient.java:359)
        at org.opensearch.security.tools.SecurityAdmin.execute(SecurityAdmin.java:541)
        at org.opensearch.security.tools.SecurityAdmin.main(SecurityAdmin.java:154)
Caused by: org.apache.hc.core5.http.ConnectionClosedException: Connection is closed
        at org.apache.hc.core5.http2.impl.nio.AbstractH2StreamMultiplexer.onException(AbstractH2StreamMultiplexer.java:668)
        at org.apache.hc.core5.http2.impl.nio.AbstractH2IOEventHandler.exception(AbstractH2IOEventHandler.java:91)
        at org.apache.hc.core5.http2.impl.nio.ClientH2IOEventHandler.exception(ClientH2IOEventHandler.java:39)
        at org.apache.hc.core5.reactor.ssl.SSLIOSession$1.exception(SSLIOSession.java:245)
        at org.apache.hc.core5.reactor.InternalDataChannel.onException(InternalDataChannel.java:181)
        at org.apache.hc.core5.reactor.InternalChannel.handleIOEvent(InternalChannel.java:55)
        at org.apache.hc.core5.reactor.SingleCoreIOReactor.processEvents(SingleCoreIOReactor.java:176)
        at org.apache.hc.core5.reactor.SingleCoreIOReactor.doExecute(SingleCoreIOReactor.java:125)
        at org.apache.hc.core5.reactor.AbstractSingleCoreIOReactor.execute(AbstractSingleCoreIOReactor.java:92)
        at org.apache.hc.core5.reactor.IOReactorWorker.run(IOReactorWorker.java:44)
        at java.base/java.lang.Thread.run(Thread.java:1447)

Please help to resolve this issue.

Configuration:

Relevant Logs or Screenshots:

2

Could you please share your full configs and redact any sensitive information