Create admin and other user/roles using demo certs

abzter · October 20, 2021, 7:09am

I am using OpenSearch 1.1.0

I am trying to create users and roles using demo certificates, when I make a call like this

curl  -XGET 'http://localhost:9200/_plugins/_security/authinfo?pretty'  --cacert ./root-ca.pem --key ./kirk-key.pem --cert ./kirk.pem

I get Unauthorized as response. This is with HTTPS disabled.

While the same works with HTTPS enabled

curl  -XGET 'https://localhost:9200/_plugins/_security/authinfo?pretty'  --cacert ./root-ca.pem --key ./kirk-key.pem --cert ./kirk.pem

Is there a workaround to make it work with HTTPS disabled.

#opensearch.yml
plugins.security.ssl.http.enabled: false

nils · October 24, 2021, 7:32am

The curl call you gave uses the paramters --key ./kirk-key.pem --cert ./kirk.pem. This means, that it is using certificate authentication. Certificate authorization is done on the TLS layer. Thus, it cannot work if TLS (resp. HTTPS) is disabled. If you have disabled TLS, you need to use other authentication methods (such as basic auth with an authentication backend).

As a side note: It seems you are not using Search Guard, but OpenSearch security. Questions on this should be directed to the OpenSearch forum:

system · November 14, 2021, 7:33am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Searchgurad admin user vs certificate Search Guard	3	400	August 7, 2018
New to SSL and Search-Guard - help! Search Guard	5	712	June 11, 2018
Demo certificates rollover Search Guard	18	839	June 18, 2019
I generated all key, pem files with example.sh, please let me know which one I can use for curl ? Search Guard	1	410	January 25, 2017
How to communicate with cluster that has ssl set up Search Guard	4	803	July 5, 2018

Create admin and other user/roles using demo certs

Related Topics