Elasticsearch HTTPS and Adding to Java Rest Client

I'm attempting to enable HTTPS for elasticsearch.

First I create the elasticsearch certificate authority.

elasticsearch-certutil ca

Then I generate the certificate.

elasticsearch-certutil cert --ca elastic-stack-ca.p12

This generates elastic-certificates.p12.

I have the configuration in my /usr/share/elasticsearch/config/elasticsearch.yml

xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.type: PKCS12
xpack.security.http.ssl.keystore.path: elastic-certificate.p12

For my RestClient I have:

RestClientBuilder clientBuilder = RestClient.builder(
  new HttpHost(host, port, "https"))
  .setHttpClientConfigCallback(httpClientBuilder -> httpClientBuilder
    .setSSLContext(sslContext)
    .setDefaultCredentialsProvider(credentialsProvider));

Adding the following code to allow the truststore doesn't seem to work.

String trustStoreFileName = "elastic-certificates.p12";
char[] trustStorePassword = null;
SSLContext sslContext;

ClassLoader classLoader = <FileName.java>.class.getClassLoader();
try (InputStream inputStream = classLoader.getResourceAsStream(trustStoreFilename)) {
  if (inputStream == null) {
    throw <ERROR>
  }
  KeyStore trustStore = Keystore.getInstance("PKCS12");
  trustStore.load(inputStream, trustStorePassword);
  sslContext = SSLContextBuilder.create().loadTrustMaterial(trustStore, null).build();
} catch (Exception e) { ... }

I'm not super familiar with how SSL works in this case. Does this seem right? Making requests explicitly ignoring the certificate seems to work but that is not what I want.

Any help would be appreciated.

Welcome!

May be this could help?