Java High Level Rest Client to Elasicsearch

pathfinder225 · October 5, 2020, 6:21am

Hi

I am using Java High Level Rest client on Spring boot to perform Search API operations.

Our Elasticsearch is protected with https and basic(user/pwd) authentication.
I'm receiving below exception ,

javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Code below,

	@Bean
	public RestHighLevelClient initializeClient() {
		final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
		credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(username, password));

		RestClientBuilder builder = RestClient.builder(new HttpHost(host, port, "https")).setHttpClientConfigCallback(
				httpClientBuilder -> httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider));
		
		builder.setRequestConfigCallback(
			    new RestClientBuilder.RequestConfigCallback() {
			        @Override
			        public RequestConfig.Builder customizeRequestConfig(
			                RequestConfig.Builder requestConfigBuilder) {
			            return requestConfigBuilder.setSocketTimeout(10000); 
			        }
			    });
		
		RestHighLevelClient client = new RestHighLevelClient(builder);

		return client;
	}

Do i need to do something more to connect to a https elastic search service , if so how would solution varies across dev and prod. DO i need to install ssl certificate of elasticsearch into my jvm?

Wolfram_Haussig · October 5, 2020, 6:48am

Hi,

This is not Elastic specific: Your Java installation does not trust your Elastic certificate. Depending on your java version you can find the trusted certificates under $JAVA_HOME/lib/security/cacerts or $JAVA_HOME/jre/lib/security/cacerts. This file should include your any certificate of your cert chain.

Best regards
Wolfram

pathfinder225 · October 5, 2020, 6:52am

@Wolfram_Haussig

Appreciate your response.

In prod also do we need to do same?

I have tested from postman (https://10.23.211.244:9002/?pretty) and it worked after turning off ssl certificate verification in postman settings. Can i do something similar from java rest high level client rather than installing the certificate in jvm. I'm new to working with ssl .

Wolfram_Haussig · October 5, 2020, 6:59am

While it is possible(see here for example) I absolutely do NOT recommend that!

pathfinder225 · October 6, 2020, 2:17pm

@Wolfram_Haussig Thanks got it working after installing ssl certificate in java keystore.

system · November 3, 2020, 2:17pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.