Java High Level Rest Client to Elasicsearch


I am using Java High Level Rest client on Spring boot to perform Search API operations.

Our Elasticsearch is protected with https and basic(user/pwd) authentication.
I'm receiving below exception , PKIX path building failed: unable to find valid certification path to requested target

Code below,

	public RestHighLevelClient initializeClient() {
		final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
		credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(username, password));

		RestClientBuilder builder = RestClient.builder(new HttpHost(host, port, "https")).setHttpClientConfigCallback(
				httpClientBuilder -> httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider));
			    new RestClientBuilder.RequestConfigCallback() {
			        public RequestConfig.Builder customizeRequestConfig(
			                RequestConfig.Builder requestConfigBuilder) {
			            return requestConfigBuilder.setSocketTimeout(10000); 
		RestHighLevelClient client = new RestHighLevelClient(builder);

		return client;

Do i need to do something more to connect to a https elastic search service , if so how would solution varies across dev and prod. DO i need to install ssl certificate of elasticsearch into my jvm?


This is not Elastic specific: Your Java installation does not trust your Elastic certificate. Depending on your java version you can find the trusted certificates under $JAVA_HOME/lib/security/cacerts or $JAVA_HOME/jre/lib/security/cacerts. This file should include your any certificate of your cert chain.

Best regards

1 Like


Appreciate your response.

In prod also do we need to do same?

I have tested from postman ( and it worked after turning off ssl certificate verification in postman settings. Can i do something similar from java rest high level client rather than installing the certificate in jvm. I'm new to working with ssl .

While it is possible(see here for example) I absolutely do NOT recommend that!

1 Like

@Wolfram_Haussig Thanks got it working after installing ssl certificate in java keystore.