When trying to install and configure OpenSearch, getting the below error

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
Version- Opensearch-2.11.1

Describe the issue:

./securityadmin.sh -cd Path/to/opensearch-security/ -cacert /Path/to/config/root-ca.pem -cert Path/to/opensearch-2.11.1/config/admin.pem -key Path/to/opensearch-2.11.1/config/admin-key.pem -icl -nhnv


** This tool will be deprecated in the next major release of OpenSearch **
** [DEPRECATION] Security Plugin Tools will be replaced · Issue #1755 · opensearch-project/security · GitHub **


Security Admin v7
Will connect to localhost:9200 … done
ERR: An unexpected IOException occured: Unrecognized SSL message, plaintext connection?
Trace:
java.io.IOException: Unrecognized SSL message, plaintext connection?
at org.opensearch.client.RestClient.extractAndWrapCause(RestClient.java:959)
at org.opensearch.client.RestClient.performRequest(RestClient.java:333)
at org.opensearch.client.RestClient.performRequest(RestClient.java:321)
at org.opensearch.security.tools.SecurityAdmin.execute(SecurityAdmin.java:573)
at org.opensearch.security.tools.SecurityAdmin.main(SecurityAdmin.java:163)
Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at java.base/sun.security.ssl.SSLEngineInputRecord.bytesInCompletePacket(SSLEngineInputRecord.java:145)
at java.base/sun.security.ssl.SSLEngineInputRecord.bytesInCompletePacket(SSLEngineInputRecord.java:64)
at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:612)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:506)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:482)
at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:679)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doUnwrap(SSLIOSession.java:279)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:333)
at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:545)
at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:120)
at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:591)
at java.base/java.lang.Thread.run(Thread.java:840)

Configuration:

Relevant Logs or Screenshots:

@redsanj I don’t see the hostname in the command, so I assume you’re using localhost as the destination.
Did you turn off SSL on the 9200 endpoint in the OpenSearch node? HTTPS is required on 9200 for the securityadmin.sh script.

plugins.security.ssl.http.enabled: true

I have enabled the security. Hostname
plugins.security.ssl.http.enabled: true

Can we use OpenSearch with http://domainDNS:9200 instead of https://domainDNS:9200?

When I disable the plugin security, the connectivity between OpenSearch and Bitbucket is working fine, but it is accepting any username and password.

plugins.security.disabled: true

Could you please check?

This is correct. You don’t need to provide any credentials when the security plugin is disabled. However, I strongly advise keeping it enabled all the time.

No, you cannot. The securityadmin.sh uses an SSL certificate to authenticate with the cluster using an SSL endpoint.

The error suggests a mismatch between SSL/TLS configuration and plaintext connection. Verify that OpenSearch is correctly set up for SSL/TLS and ensure you are connecting to the correct port and using valid certificates. Double-check the configuration in opensearch.yml and make sure your securityadmin.sh script aligns with the SSL settings.
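A quick way to see what the 9200 listener actually speaks before running securityadmin.sh, as an added example that is not part of the original thread or of the OpenSearch project. It sends one plaintext HTTP request and classifies the first bytes of the reply; the function names, the result labels and the hint wording are this example's own, and the default of localhost:9200 follows the thread.

```python
import socket
import sys

TLS_HANDSHAKE, TLS_ALERT = 0x16, 0x15  # TLS record content types

# Hint wording is this example's own; "no-reply" is an inference, not proof.
ADVICE = {
    "plaintext-http": "port answers plain HTTP, so a TLS client such as "
                      "securityadmin.sh fails with 'plaintext connection?'. "
                      "Check plugins.security.ssl.http.enabled in opensearch.yml.",
    "tls-record": "port answered with a TLS record; HTTPS appears enabled.",
    "no-reply": "plaintext request was dropped; consistent with a TLS-only port.",
    "other": "unrecognised reply; confirm this is the OpenSearch HTTP port.",
    "unreachable": "TCP connect failed; check host, port and that the node is up.",
}


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a listener sends back."""
    if not data:
        return "no-reply"
    if data.startswith(b"HTTP/"):
        return "plaintext-http"
    # A TLS record starts with a content type byte, then major version 0x03.
    if len(data) >= 2 and data[0] in (TLS_HANDSHAKE, TLS_ALERT) and data[1] == 0x03:
        return "tls-record"
    return "other"


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Send one plaintext HTTP request and classify the reply."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    with sock:
        try:
            sock.sendall(b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            data = sock.recv(16)
        except OSError:  # reset or timeout: the peer did not answer in plaintext
            data = b""
    return classify_first_bytes(data)


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 9200
    result = probe(host, port)
    print(f"{host}:{port} -> {result}: {ADVICE[result]}")
```

A `plaintext-http` result matches the situation in the stack trace above: the client expected a TLS record and received an HTTP response instead.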