8.2 closing connection when creating an index

I'm building my own REST provider for 8.2 - an upgrade from one which ran on 6, but with obvious changes to the code.
I created a gist

which shows the code with "<<<<<" indicating where it is failing; there is the console from the ES server and the Java stack trace.

What's going on is that I am creating a named index with number of shards and replicas, plus a JSON mappings string. Right now, it's not clear to me why ES is not happy. I am using "localhost"and "9200" to address the server,as I have in the past.

I suspect I am somehow abusing the APIs provided by Elasticsearch Java, but admit that documentation for Java developers is way behind - very few examples on github for > 7 and those which do always seem to ignore setting up indexes. I just borrow ideas from surfing the ES Java repo.

Thanks in advance.

In the error

received plaintext http traffic on an https channel, closing connection <!--- Here 
Netty4HttpChannel{localAddress=/, remoteAddress=/}

looks like you are sending the request to http instead of https when you initially created the connection, it looks like it is expecting https which is the default for 8.x

Think you need to look here

The following is an example of setting up the client to trust the CA that has signed the certificate that Elasticsearch is using, when that CA certificate is available as a PEM encoded file.

Path caCertificatePath = Paths.get("/path/to/ca.crt");
CertificateFactory factory =
Certificate trustedCa;
try (InputStream is = Files.newInputStream(caCertificatePath)) {
    trustedCa = factory.generateCertificate(is);
KeyStore trustStore = KeyStore.getInstance("pkcs12");
trustStore.load(null, null);
trustStore.setCertificateEntry("ca", trustedCa);
SSLContextBuilder sslContextBuilder = SSLContexts.custom()
    .loadTrustMaterial(trustStore, null);
final SSLContext sslContext = sslContextBuilder.build();
    new HttpHost("localhost", 9200, "https"))
    .setHttpClientConfigCallback(new HttpClientConfigCallback() {
        public HttpAsyncClientBuilder customizeHttpClient(
            HttpAsyncClientBuilder httpClientBuilder) {
            return httpClientBuilder.setSSLContext(sslContext);

Interesting. Thanks.

Added that "https" bit but now we see
Stuck on
co.elastic.clients.Elasticsearch._types.ElasticsearchException: [es/indices.create] failed: [security_exception] missing authentication credentials for REST request [/topics]

which begs this:
I have the password I configured for a user password.
The documentation talks about "built-in" users and setting the password.

I created a user in kibana with editor role.
My code addition to yours is

BasicCredentialsProvider credsProv = new BasicCredentialsProvider();


AuthScope.ANY, new UsernamePasswordCredentials(uname, pwd)


restClient = RestClient.builder(

new HttpHost("localhost", 9200, "https"))

.setHttpClientConfigCallback(hc -> hc.setDefaultCredentialsProvider(credsProv))

.setHttpClientConfigCallback(new HttpClientConfigCallback() {


public HttpAsyncClientBuilder customizeHttpClient(

HttpAsyncClientBuilder httpClientBuilder) {

return httpClientBuilder.setSSLContext(sslContext);



But I get that error.

Trying to sort out users.


First, that's not my code That's from the documentation.

Second, I don't know what you mean by editor role. There's lots of different permissions when you create a role.

What I would do is try with the elastic user and password That was created when you configured Elasticsearch first to see if it works and connects.

And can create the indexes do the operations you want to try to see if you can get the Java client working.

Then I would read about users and roles and then I create a user and role and try to login through Kibana and create the same indices etc through the Dev tools to make sure you can actually do The operations you want with that user and role.

Only then would I try to use a new user and role through the Java client.

You Could spend a lot of time trying to debug the Java. Just to find out you have the user and roles permission.

Just a suggestion.

That's the code I entered. There's an issue with it: (null, null) should be (inputstream to the keystore, keystore password).

An example I found here

uses "password".

I found that I needed to set the password, which I did.

Now that I, in theory, have jumped through those hoops, the example earlier said
KeyStore trustStore = KeyStore.getInstance("pkcs12");
whereas the example just found (albeit from an earlier date) says
KeyStore keyStore = KeyStore.getInstance("jks");
This example

uses pkcs12.
That leaves me with a new error, one which comes before the authentication issue:

DerInputStream.getLength(): lengthTag=87, too big.

I am using the path to the ES keystore as the trustPath.

Google isn't very helpful on that error.

My suggestion is to open a new topic with a very descriptive subject line. Your subject line is too generic and put very specific explanation of your problem in like you have here . There should be people here that use the Java client I'm pretty sure Perhaps and you'll get an answer. It's not my area expertise.

Subject Like

Trouble Connecting over SSL with new 8.x Java API Client.

The put your entire config in ... not just certain lines .. .and all the applicable logs.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.