So, I think I found most of the information.
Here is what I did:
- Created a JKS keystore by importing the Elastic ca.crt file into a new store
- Imported the node certificates into the store
Updated my Java code to set the necessary config:
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import javax.net.ssl.SSLContext;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.nio.client.HttpAsyncClientBuilder;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestClientBuilder;
import org.elasticsearch.client.RestClientBuilder.HttpClientConfigCallback;
import org.elasticsearch.client.RestHighLevelClient;

    // connectionUser, connectionPassword, jksBasePath, jksStore, jksPassword,
    // Diag and TraceSubSection are fields/helpers of the enclosing class.
    private RestHighLevelClient SSLConnection(HttpHost hosts) {
        // Basic auth credentials sent to every node
        final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
        credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(connectionUser, connectionPassword));
        // try-with-resources so the keystore stream is closed even when loading fails
        try (InputStream is = new FileInputStream(new File(jksBasePath + jksStore))) {
            KeyStore truststore = KeyStore.getInstance("jks");
            truststore.load(is, jksPassword.toCharArray());
            // Trust only what is in the JKS store (the Elastic CA); null = default trust strategy
            SSLContextBuilder sslBuilder = SSLContexts.custom().loadTrustMaterial(truststore, null);
            final SSLContext sslContext = sslBuilder.build();
            RestClientBuilder builder = RestClient.builder(hosts)
                .setHttpClientConfigCallback(new HttpClientConfigCallback() {
                    @Override
                    public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
                        httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
                        httpClientBuilder.setSSLContext(sslContext);
                        return httpClientBuilder;
                    }
                });
            return new RestHighLevelClient(builder);
        } catch (KeyStoreException e) {
            Diag.error(TraceSubSection, "SSLConnection", "KeyStoreException on JKS file", e);
        } catch (FileNotFoundException e) {
            Diag.error(TraceSubSection, "SSLConnection", "JKS file not found", e);
        } catch (NoSuchAlgorithmException e) {
            Diag.error(TraceSubSection, "SSLConnection", "NoSuchAlgorithmException", e);
        } catch (CertificateException e) {
            Diag.error(TraceSubSection, "SSLConnection", "CertificateException", e);
        } catch (IOException e) {
            Diag.error(TraceSubSection, "SSLConnection", "IOException on JKS file", e);
        } catch (KeyManagementException e) {
            Diag.error(TraceSubSection, "SSLConnection", "KeyManagementException on sslBuilder.build()", e);
        }
        return null;
    }
I know the catch side can be more efficient, but that is just for clarity's sake during dev.
It seems to work, but I wanted to check whether I missed something that might bite me later, like with regard to performance.
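As an added example (not from the original post or the Elasticsearch client), here is the check I would run alongside this setup: it loads the JKS truststore once, builds a single shared SSLContext with the same Apache HttpCore SSLContexts API the post uses, and lists what the store actually trusts, flagging leaf (node) certificates and entries close to expiry. The path and password are placeholders.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import javax.net.ssl.SSLContext;
import org.apache.http.ssl.SSLContexts;

/** Builds the SSLContext once from a JKS truststore and reports what it trusts. */
public final class TruststoreCheck {

    // Placeholders: replace with your own jksBasePath + jksStore and jksPassword.
    private static final String TRUSTSTORE_PATH = "/path/to/elastic-truststore.jks";
    private static final char[] TRUSTSTORE_PASSWORD = "changeit".toCharArray();

    // One context shared by every client instance; rebuilding it per request is wasted work.
    private static final SSLContext SHARED_SSL_CONTEXT = buildSslContext();

    private static SSLContext buildSslContext() {
        try (InputStream in = new FileInputStream(TRUSTSTORE_PATH)) {
            KeyStore truststore = KeyStore.getInstance("jks");
            truststore.load(in, TRUSTSTORE_PASSWORD);
            auditEntries(truststore);
            return SSLContexts.custom().loadTrustMaterial(truststore, null).build();
        } catch (Exception e) {
            throw new IllegalStateException("cannot initialise truststore", e);
        }
    }

    /** Prints each entry and flags anything that is not a CA or is about to expire. */
    static void auditEntries(KeyStore truststore) throws Exception {
        Date in30Days = new Date(System.currentTimeMillis() + 30L * 24 * 60 * 60 * 1000);
        for (Enumeration<String> aliases = truststore.aliases(); aliases.hasMoreElements();) {
            String alias = aliases.nextElement();
            if (!truststore.isCertificateEntry(alias)) {
                System.out.println("WARN " + alias + ": not a trusted-certificate entry (private key in a truststore?)");
                continue;
            }
            X509Certificate cert = (X509Certificate) truststore.getCertificate(alias);
            boolean isCa = cert.getBasicConstraints() != -1; // -1 means no CA basic constraint
            System.out.printf("%s: %s, CA=%b, expires %s%n", alias, cert.getSubjectX500Principal(), isCa, cert.getNotAfter());
            if (!isCa) System.out.println("NOTE " + alias + ": leaf cert; trusting the CA alone is enough and survives node cert rotation");
            if (cert.getNotAfter().before(in30Days)) System.out.println("WARN " + alias + ": expires within 30 days");
        }
    }

    public static SSLContext sslContext() { return SHARED_SSL_CONTEXT; }
}
```

Pass TruststoreCheck.sslContext() to setSSLContext and create the RestHighLevelClient once at startup; it is thread-safe and maintains its own connection pool, so a client per request is the main performance trap here.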