Unable to establish SSL connection with ElasticSearch 6.x using Rest Client


(Aishwarya S) #1

I am using the following code snippet to establish an SSL connection to ElasticSearch.

KeyStore sslAuth = KeyStore.getInstance("jks");

                OpenOption[] options = new OpenOption[] { StandardOpenOption.READ };
                Path keyStorePath = Paths.get("config/indexer/keystore.jks");
                Path trustStorePath = Paths.get("config/indexer/truststore.jks");
                List<HttpHost> hosts = new ArrayList<>();
                hosts.add(new HttpHost("localhost", 9200, "https"));
                
                try(InputStream keyStoreStream = Files.newInputStream(keyStorePath.toAbsolutePath(), options);
                        InputStream trustStoreStream = Files.newInputStream(trustStorePath.toAbsolutePath(), options))
                {
                    try {
                        sslAuth.load(keyStoreStream, "username".toCharArray());
                        sslAuth.load(trustStoreStream, "pass".toCharArray());
                        SSLContextBuilder sslBuilder = SSLContexts.custom().loadTrustMaterial(sslAuth, null);
                        final SSLContext sslContext = sslBuilder.build();
                        
                        elasticSearchRestClient = RestClient.builder(hosts.toArray(new HttpHost[hosts.size()]))
                                .setHttpClientConfigCallback(new RestClientBuilder.HttpClientConfigCallback() {
                                    @Override
                                    public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
                                        return httpClientBuilder.setSSLContext(sslContext);
                                    }
                                }).build();
                        } catch (Exception e) {
                            logger.error("Exception occured during Rest Client Initialization {}", e);
                        } 
                }

But it is failing with the following error:

javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
	at sun.security.ssl.EngineInputRecord.bytesInCompletePacket(EngineInputRecord.java:156)
	at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:868)
	at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
	at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
	at org.apache.http.nio.reactor.ssl.SSLIOSession.doUnwrap(SSLIOSession.java:271)
	at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:316)
	at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:499)
	at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:120)
	at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162)
	at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337)
	at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315)
	at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276)
	at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104)
	at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:588)
	at java.lang.Thread.run(Thread.java:748)

Seems HTTP is only supported? Could anyone please help resolve this issue?


(Thiago Souza) #2

Did you install and configure X-Pack Security in Elasticsearch?


(Aishwarya S) #3

No..I am setting up and testing elasticsearch locally and I have installed elasticsearch server and kibana but not x-pack. I want to establish an SSL connection and I have the certificate files necessary to setup the connection.Could you please provide the documentation link for xpack for elastic search 6.x?
And how can xpack be configured for a production based elastic search cluster?
Thanks in advance.


(Thiago Souza) #4

Built-in HTTPS support in Elasticsearch comes only with X-Pack Security installed and configured.

Additionally, you will need at least a Gold Subscription to be able to use it in production.


(system) #5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.