Skip to main content
Version: 5.1

Verifying SA Engine RE and Inventory Certificates

After updating certificates, you must verify that SSL settings are correctly applied not only to core system components but also to auxiliary modules like SA Engine Remote Executor and Inventory.

SA Engine Remote Executor Verification

SA Engine RE uses SSL parameters configured in the application.properties file. Verify the file contains correct certificate paths:

File location: ${OSD_HOME}/utils/sme-re

Example configuration:


# ssl paramaters
server.ssl.enabled=true
server.ssl.certificate=/app/opensearch/config/node-cert.pem
server.ssl.certificate-private-key=/app/opensearch/config/node-key.pem
server.ssl.trust-certificate=/app/opensearch/config/ca-cert.pem
# can be need, none, want
server.ssl.client-auth=need

Inventory Verification (if used)

For systems utilizing the Inventory module, verify its SSL configuration:

  • Configuration file: config.yml

  • File location: ${OSD_HOME}/utils/inventory

Recommended to create a backup before making changes:

mkdir -p /app/backup/inventory_$(date +%Y%m%d)
cp ${OSD_HOME}/utils/inventory/config.yml /app/backup/inventory_$(date +%Y%m%d)/

Example SSL parameters in config.yml:

opensearch: ["https://<OS_HOSTS>:9200"]
username: <USERNAME>
password: <PWD>
cert: /app/opensearch/config/ca-cert.pem

Ensure the ca-cert.pem certificate is properly loaded and matches the updated infrastructure certificates.