Hi Dojo,

The OpenSearch generate-certificates.sh script (interactive version) has breaking bugs.

1. Invalid default value for certificate validity
   validity=${validity:-66.612.500} is not a number and will always fail numeric validation and the prompt says “Default: 50 years” but the value is invalid
   It should be validity=${validity:-18250}
2. Typo: keysize vs keySize
   In generate_admin_certificate:
   default_bits = $keysize
   openssl genrsa -out admin_key.tmp $keysize
   But Variable is defined as keySize elsewhere.
   So openssl genrsa will fail and Config file will contain empty default_bits
   It should be:
   default_bits = $keySize
   openssl genrsa -out admin_key.tmp $keySize

There are also other minor issues and improvements that could be implemented, but these are critical errors.