Configure TLS for OpenSearch Dashboards
By default, for ease of testing and getting started, OpenSearch Dashboards runs over HTTP. To enable TLS for HTTPS, update the following settings in
|opensearch.ssl.verificationMode||This setting is for communications between OpenSearch and OpenSearch Dashboards. Valid values are |
|server.ssl.enabled||This setting is for communications between OpenSearch Dashboards and the web browser. Set to true for HTTPS, false for HTTP.|
|opensearch_security.cookie.secure||If you enable TLS for OpenSearch Dashboards, change this setting to |
opensearch_dashboards.yml configuration shows OpenSearch and OpenSearch Dashboards running on the same machine with the demo configuration:
opensearch.hosts: ["https://localhost:9200"] opensearch.ssl.verificationMode: full opensearch.username: "kibanaserver" opensearch.password: "kibanaserver" opensearch.requestHeadersAllowlist: [ authorization,securitytenant ] server.ssl.enabled: true server.ssl.certificate: /usr/share/opensearch-dashboards/config/client-cert.pem server.ssl.key: /usr/share/opensearch-dashboards/config/client-cert-key.pem opensearch.ssl.certificateAuthorities: [ "/usr/share/opensearch-dashboards/config/root-ca.pem", "/usr/share/opensearch-dashboards/config/intermediate-ca.pem" ] opensearch_security.multitenancy.enabled: true opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"] opensearch_security.readonly_mode.roles: ["kibana_read_only"] opensearch_security.cookie.secure: true
If you use the Docker install, you can pass a custom
opensearch_dashboards.yml to the container. To learn more, see the Docker installation page.
After enabling these settings and starting OpenSearch Dashboards, you can connect to it at
https://localhost:5601. You might have to acknowledge a browser warning if your certificates are self-signed. To avoid this sort of warning (or outright browser incompatibility), best practice is to use certificates from trusted certificate authority.