Open Source Java Client XPack Security SSL Example

I'm trying to use the new Java Client and running into issues when trying to connect to Elasticsearch running in a docker container now that xpack security is turned on by default.

I'm getting the following error here.

"message":"received plaintext http traffic on an https channel, closing connection Netty4HttpChannel

I'm following the instructions here and trying use the http.p12 and password

and here

And can't seem to get a connection working.

What am I missing here? I haven't been able to find a full tutorial and now that xpack security is on by default perhaps this should be part of the client documentation.

This post has a similar problem.

The second example in Encrypted communication | Elasticsearch Java API Client [8.2] | Elastic in combination with Basic authentication | Elasticsearch Java API Client [8.2] | Elastic should be exactly what you need to do.

In order for anyone to be able to meaningfully help you, you will need to share with us exactly what you tried ( or share your code snippet ) and exactly how it did not work.

I was able to get it working. I was missing the following property which currently defaults to http


The full set of necessary properties now that xpack is on by default are

quarkus.elasticsearch.protocol=http quarkus.elasticsearch.username=elastic quarkus.elasticsearch.password=somesecret

I also needed to use the http.p12

with the following class to configure the low level client

package com.example;

import io.quarkus.arc.Unremovable;
import io.quarkus.elasticsearch.restclient.lowlevel.ElasticsearchClientConfig;
import org.apache.http.impl.nio.client.HttpAsyncClientBuilder;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.elasticsearch.client.RestClientBuilder;
import org.jboss.logging.Logger;

import javax.enterprise.context.ApplicationScoped;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public class ElasticSearchSSLContextConfigurator implements RestClientBuilder.HttpClientConfigCallback {

    public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpAsyncClientBuilder) {
        try {
            String keyStorePass = "secret";
            Path trustStorePath = Paths.get("/some/path/http.p12");
            KeyStore truststore = KeyStore.getInstance("pkcs12");
            try (InputStream is = Files.newInputStream(trustStorePath)) {
                truststore.load(is, keyStorePass.toCharArray());
            SSLContextBuilder sslBuilder = SSLContexts.custom()
                .loadTrustMaterial(truststore, null);
            SSLContext sslContext =;
        } catch (Exception e) {
            throw new RuntimeException(e);

        return httpAsyncClientBuilder;

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.