PR 577 issue: OpenSearchException: Transport client authentication no longer supported

[calibratedcat]

After updating to version v4.7.4 using Certmanager from this PR (#577) I am getting Indexer errors stating that "Transport client authentication is no longer supported".

[ejedev]

Are you trying to run it as a cluster? The plugins.security.authcz.admin_dn and plugins.security.nodes_dn values need to be updated to match the certificates being generated by CertManager.

I ran into this issue as well and also needed to change the filepaths from this:

plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/node/tls.crt
plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/node/tls.key
plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/node/ca.crt
plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/admin/tls.crt
plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/admin/tls.key
plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/admin/ca.crt

to this:

plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/node/tls.crt
plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/node/tls.key
plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/node/ca.crt
plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/node/tls.crt
plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/node/tls.key
plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/node/ca.crt