There's a file format error in the file at trustStorePath. Is it a .p12 file, which is expected by KeyStore.getInstance("pkcs12")? If this is a .jks file, the KeyStore should be created as "JKS".
That being said, you should not need to load anything in the keystore except the certificate. Here's a helper function that creates a working SSL context (tested with Elasticseach 8.2.2):
public static SSLContext fromHttpCaCrt(File file) throws CertificateException, IOException {
try(InputStream in = new FileInputStream(file)) {
return fromHttpCaCrt(in);
}
}
public static SSLContext fromHttpCaCrt(InputStream in) throws CertificateException {
try {
CertificateFactory pkcs1 = CertificateFactory.getInstance("X.509");
Certificate certificate = pkcs1.generateCertificate(in);
final KeyStore keyStore = KeyStore.getInstance("pkcs12");
keyStore.load(null, null);
keyStore.setCertificateEntry("elasticsearch-ca", certificate);
TrustManagerFactory tmf = TrustManagerFactory.getInstance("X.509");
tmf.init(keyStore);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tmf.getTrustManagers(), null);
return sslContext;
} catch (NoSuchAlgorithmException | KeyManagementException | KeyStoreException | IOException e) {
throw new RuntimeException(e);
}
}