使用es时ssl证书报错 unable to find valid certification path to requested target
1.依赖
<dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-data-elasticsearch</artifactId></dependency>
2.配置证书
ssl证书转换,使用的jdk工具将cer证书转换为jks证书
keytool -import -alias mycert -file mycert.cer -keystore mytruststore.jks -storepass test123..application.yaml配置
spring: elasticsearch:key-store: classpath:ssl/truststore.jks#转换证书时的密码key-store-password: test123..username: adminpassword: xxx#不用带协议uris: xxxxx:9200配置类
package com.echosell.spider.appspider.config;import com.echosell.spider.appspider.entity.properties.EsProperties;
import lombok.extern.slf4j.Slf4j;
import org.elasticsearch.client.RestHighLevelClient;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceLoader;
import org.springframework.data.elasticsearch.client.ClientConfiguration;
import org.springframework.data.elasticsearch.client.RestClients;
import org.springframework.data.elasticsearch.core.ElasticsearchRestTemplate;import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.security.KeyStore;/*** @author zzy* @project echosell-spider* @description es配置* @date 2025年01月20日**/
@Configuration
@Slf4j
public class ElasticsearchTemplateConfig {@AutowiredEsProperties esProperties;@AutowiredResourceLoader resourceLoader;@Beanpublic RestHighLevelClient restHighLevelClient() throws Exception {ClientConfiguration clientConfiguration = ClientConfiguration.builder().connectedTo(esProperties.getUris()).usingSsl(createSSLContext(esProperties.getKeyStore(), esProperties.getKeyStorePassword())).withBasicAuth(esProperties.getUsername(), esProperties.getPassword()).build();return RestClients.create(clientConfiguration).rest();}@Beanpublic ElasticsearchRestTemplate elasticsearchRestTemplate(RestHighLevelClient restHighLevelClient){return new ElasticsearchRestTemplate(restHighLevelClient);}private SSLContext createSSLContext(String keyStorePath, String keyStorePassword) throws Exception {
// // 加载密钥库KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());Resource resource = resourceLoader.getResource(keyStorePath);// 读取文件内容...try (FileInputStream fileInputStream = new FileInputStream(resource.getFile())) {trustStore.load(fileInputStream, keyStorePassword.toCharArray());}// 创建信任管理器工厂TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());trustManagerFactory.init(trustStore);// 初始化 SSLContextSSLContext sslContext = SSLContext.getInstance("TLS");sslContext.init(null, trustManagerFactory.getTrustManagers(), null);return sslContext;}}3.信任所有证书(无证书使用)
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, new TrustManager[]{new X509TrustManager() {public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {}public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {}public X509Certificate[] getAcceptedIssuers() {return new X509Certificate[0];}
}}, new SecureRandom());直接使用ElasticsearchRestTemplate即可
4.介绍
网上百度无结果,查看了部分源码发现 RestHighLevelClient 使用的SSLContext,且默认使用的系统默认证书 ,将自己的证书导入 SSLContext,封装到RestHighLevelClient即可。
)
)
)
)
)
