I'm attempting to enable HTTPS for elasticsearch.
First I create the elasticsearch certificate authority.
    elasticsearch-certutil ca
Then I generate the certificate.
    elasticsearch-certutil cert --ca elastic-stack-ca.p12
This generates elastic-certificates.p12.
I have the configuration in my /usr/share/elasticsearch/config/elasticsearch.yml
    xpack.security.enabled: true
    xpack.security.http.ssl.enabled: true
    xpack.security.http.ssl.keystore.type: PKCS12
    xpack.security.http.ssl.keystore.path: elastic-certificate.p12
For my RestClient I have:
    RestClientBuilder clientBuilder = RestClient.builder(
            new HttpHost(host, port, "https"))
        .setHttpClientConfigCallback(httpClientBuilder -> httpClientBuilder
            .setSSLContext(sslContext)
            .setDefaultCredentialsProvider(credentialsProvider));
Adding the following code to allow the truststore doesn't seem to work.
    String trustStoreFileName = "elastic-certificates.p12";
    char[] trustStorePassword = null;
    SSLContext sslContext;
    ClassLoader classLoader = <FileName.java>.class.getClassLoader();
    try (InputStream inputStream = classLoader.getResourceAsStream(trustStoreFileName)) {
        if (inputStream == null) {
            throw <ERROR>
        }
        KeyStore trustStore = KeyStore.getInstance("PKCS12");
        trustStore.load(inputStream, trustStorePassword);
        sslContext = SSLContextBuilder.create().loadTrustMaterial(trustStore, null).build();
    } catch (Exception e) { ... }
I'm not super familiar with how SSL works in this case. Does this seem right? Making requests explicitly ignoring the certificate seems to work but that is not what I want.
Any help would be appreciated.
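
Added example, not part of the original post: a stand-alone check that loads a PKCS12 file the way the client code above does and prints which certificates a trust manager would receive from it, then builds a verifying SSLContext. It uses only JDK classes; the class name TrustStoreCheck and the command-line arguments are assumptions. An empty password is passed as an empty char array rather than null, because the JDK's PKCS12 loader skips password-protected certificate data when the password is null.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class for illustration; not from the original post.
public class TrustStoreCheck {
    // Load a PKCS12 file. For an empty password pass new char[0], not null.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            store.load(in, password);
        }
        return store;
    }

    // Print every alias with its certificate subject; return how many aliases carry one.
    static int describe(KeyStore store) throws Exception {
        int withCert = 0;
        for (String alias : Collections.list(store.aliases())) {
            X509Certificate cert = (X509Certificate) store.getCertificate(alias);
            String kind = store.isKeyEntry(alias) ? "key entry" : "trusted cert";
            System.out.printf("%s (%s): %s%n", alias, kind,
                    cert == null ? "no certificate readable" : cert.getSubjectX500Principal());
            if (cert != null) withCert++;
        }
        return withCert;
    }

    // Build a context that verifies the server against the certificates in the store.
    static SSLContext trustOnly(KeyStore store) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(store);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        return context;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to the .p12 file; args[1] (optional): its password
        char[] password = args.length > 1 ? args[1].toCharArray() : new char[0];
        KeyStore store = load(args[0], password);
        if (describe(store) == 0) {
            throw new IllegalStateException("no certificates loaded; check the password and file");
        }
        System.out.println("SSLContext ready: " + trustOnly(store).getProtocol());
    }
}
```

The SSLContext returned by trustOnly can be passed to setSSLContext(...) in the RestClient builder shown in the post.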