Creation of new admin certificate without the default wazuh configuration


wgree...@gmail.com

Mar 18, 2022, 11:43:06 AM
to Wazuh mailing list
I have installed opendistro with the following security configuration:

- CN=vm-wz-net360-248-0,OU=AU,O=BBT,L=ALABAMA,C=US

- CN=vm-wz-net360-248-1,OU=AU,O=BBT,L=ALABAMA,C=US

- CN=vm-wz-net360-249-0,OU=AU,O=BBT,L=ALABAMA,C=US

opendistro_security.authcz.admin_dn:

- CN=admin,OU=OU,O=BBT,L=ALABAMA,C=US


I am getting the following error when I try to initialize the cluster:

Connected as CN=admin,OU=Docu,O=Wazuh,L=California,C=US

ERR: CN=admin,OU=Docu,O=Wazuh,L=California,C=US is not an admin user

Seems you use a client certificate but this one is not registered as admin_dn

Make sure elasticsearch.yml on all nodes contains:

opendistro_security.authcz.admin_dn:

  - "CN=admin,OU=Docu,O=Wazuh,L=California,C=US"


Any assistance would be greatly appreciated...


Thanks

Raul Del Pozo Moreno

Mar 18, 2022, 12:23:36 PM
to Wazuh mailing list
Hello wgreen2135

This error is due to the fact that the installation guide does not contemplate changing the admin certificate. To solve this, it is necessary to redo the admin certificate; for this you have two options:

1. Modify the wazuh-cert-tool.sh script
2. Use the default admin certificate

If you use the default admin certificate, it would be enough to put the following back in the elasticsearch.yml file:

CN=admin,OU=Docu,O=Wazuh,L=California,C=US

If you choose to redo the certificates you would have to follow these steps:

1. Edit the wazuh-cert-tool.sh script and change line 186:

eval "openssl req -new -key ~/certs/admin-key.pem -out ~/certs/admin.csr -batch -subj '/C=US/L=California/O=Wazuh/OU=Docu/CN=admin' ${debug}"

with

eval "openssl req -new -key ~/certs/admin-key.pem -out ~/certs/admin.csr -batch -subj '/C=US/L=ALABAMA/O=BBT/OU=OU/CN=admin' ${debug}"

- Make a copy of the certificates that you consider appropriate from the folder ~/certs and /etc/elasticsearch/certs/
- Regenerate the certificates again

bash wazuh-cert-tool.sh

- Follow the documentation from the step of copying the certificates and providing the new certificates to each node (setting the node name in a variable, copying the certificates to /etc/elasticsearch/certs, passing the certificates to the next node, ...), and initialize the cluster master.

Regards, Raúl.
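The mismatch in this thread is between the subject baked into the `-subj` line of wazuh-cert-tool.sh (written C-first, as openssl takes it) and the admin_dn entry in elasticsearch.yml (written CN-first, as the security plugin prints it). The following stdlib-only script is an added check, not code from the thread or from Wazuh's tooling; the `-subj` string and the elasticsearch.yml fragment are constructed samples, and the YAML parsing is a deliberately minimal line scanner rather than a full parser.

```python
"""Compare the admin DN that wazuh-cert-tool.sh would put in the
certificate with the admin_dn list configured in elasticsearch.yml."""
import re

# Constructed samples (not taken from a real deployment).
CERT_TOOL_SUBJ = "/C=US/L=ALABAMA/O=BBT/OU=OU/CN=admin"
ELASTICSEARCH_YML = """\
opendistro_security.authcz.admin_dn:
  - "CN=admin,OU=Docu,O=Wazuh,L=California,C=US"
opendistro_security.nodes_dn:
  - "CN=vm-wz-net360-248-0,OU=AU,O=BBT,L=ALABAMA,C=US"
"""


def subj_to_rfc2253(subj):
    """Turn an openssl -subj string (/C=.../CN=...) into the CN-first,
    comma-separated form the security plugin reports and expects."""
    pairs = []
    for rdn in (p for p in subj.strip("/").split("/") if p):
        attr, sep, value = rdn.partition("=")
        if not attr or not sep:
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip().upper(), value.strip()))
    return ",".join(f"{a}={v}" for a, v in reversed(pairs))


def normalize_dn(dn):
    """Canonical form for comparison: attribute types upper-cased and
    whitespace around separators dropped; value case is kept."""
    out = []
    for part in dn.split(","):
        attr, _, value = part.partition("=")
        out.append(f"{attr.strip().upper()}={value.strip()}")
    return ",".join(out)


def admin_dns_from_yaml(text):
    """Collect the list items directly under authcz.admin_dn (minimal scanner)."""
    dns, in_block = [], False
    for line in text.splitlines():
        if line.startswith("opendistro_security.authcz.admin_dn:"):
            in_block = True
            continue
        if in_block:
            m = re.match(r'\s+-\s*"?([^"]+?)"?\s*$', line)
            if not m:
                in_block = False  # next top-level key ends the list
                continue
            dns.append(m.group(1))
    return dns


def check_admin_dn(subj, yml_text):
    """Return (ok, cert_dn, configured); ok is False in the situation from
    the thread, where the cert subject is not listed in admin_dn."""
    cert_dn = subj_to_rfc2253(subj)
    configured = [normalize_dn(d) for d in admin_dns_from_yaml(yml_text)]
    return normalize_dn(cert_dn) in configured, cert_dn, configured
```

Run it against the real `-subj` line and elasticsearch.yml before regenerating certificates, so the "is not an admin user" failure is caught on the workstation rather than during cluster initialization.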

wgree...@gmail.com

Mar 23, 2022, 7:37:26 AM
to Wazuh mailing list
Thank You