springboot使用ssl连接elasticsearch

使用es时ssl证书报错 unable to find valid certification path to requested target

1.依赖

bash 复制代码
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-elasticsearch</artifactId>
        </dependency>

2.配置证书

ssl证书转换

bash 复制代码
keytool -import -alias mycert -file mycert.cer -keystore mytruststore.jks -storepass mytruststorepassword

application.yaml配置

bash 复制代码
spring:  
  elasticsearch:
    key-store: classpath:ssl/truststore.jks
    key-store-password: test123..
    username: admin
    password: xxx
    #不用带协议
    uris: xxxxx:9200

配置类

bash 复制代码
package com.echosell.spider.appspider.config;

import com.echosell.spider.appspider.entity.properties.EsProperties;
import lombok.extern.slf4j.Slf4j;
import org.elasticsearch.client.RestHighLevelClient;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceLoader;
import org.springframework.data.elasticsearch.client.ClientConfiguration;
import org.springframework.data.elasticsearch.client.RestClients;
import org.springframework.data.elasticsearch.core.ElasticsearchRestTemplate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.security.KeyStore;

/**
 * @author 张子一
 * @project echosell-spider
 * @description es配置
 * @date 2025年01月20日*
 */
@Configuration
@Slf4j
public class ElasticsearchTemplateConfig {

    @Autowired
    EsProperties esProperties;
    @Autowired
    ResourceLoader resourceLoader;

    @Bean
    public RestHighLevelClient restHighLevelClient() throws Exception {
        ClientConfiguration clientConfiguration = ClientConfiguration.builder().connectedTo(esProperties.getUris())
                .usingSsl(createSSLContext(esProperties.getKeyStore(), esProperties.getKeyStorePassword()))
                .withBasicAuth(esProperties.getUsername(), esProperties.getPassword())
                .build();
        return RestClients.create(clientConfiguration).rest();
    }

    @Bean
    public ElasticsearchRestTemplate elasticsearchRestTemplate(RestHighLevelClient restHighLevelClient){
        return new ElasticsearchRestTemplate(restHighLevelClient);
    }




    private SSLContext createSSLContext(String keyStorePath, String keyStorePassword) throws Exception {
//        // 加载密钥库
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        Resource resource = resourceLoader.getResource(keyStorePath);
        // 读取文件内容...
        try (FileInputStream fileInputStream = new FileInputStream(resource.getFile())) {
            trustStore.load(fileInputStream, keyStorePassword.toCharArray());
        }

        // 创建信任管理器工厂
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);
        // 初始化 SSLContext
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, trustManagerFactory.getTrustManagers(), null);

        return sslContext;
    }

}

3.信任所有证书(无证书使用)

bash 复制代码
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, new TrustManager[]{new X509TrustManager() {
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}}, new SecureRandom());

直接使用ElasticsearchRestTemplate即可

4.介绍

网上百度无结果,查看了部分结果发现 RestHighLevelClient 使用的SSLContext,且默认使用的系统默认证书 ,将自己的证书导入 SSLContext,封装到RestHighLevelClient即可。

相关推荐
haciii17 分钟前
Spring Boot启动源码深度分析 —— 新手也能看懂的原理剖析
spring boot
空想兔22 分钟前
JeecgBoot SkyWalking 分布式链路跟踪配置
后端·elasticsearch
泉城老铁7 小时前
Spring Boot对接抖音获取H5直播链接详细指南
spring boot·后端·架构
后端小张1 天前
基于飞算AI的图书管理系统设计与实现
spring boot
MacroZheng1 天前
横空出世!MyBatis-Plus 同款 ES ORM 框架,用起来够优雅!
java·后端·elasticsearch
考虑考虑2 天前
Jpa使用union all
java·spring boot·后端
Elasticsearch2 天前
平衡尺度:利用权重使倒数排序融合 (RRF) 更加智能
elasticsearch
阿杆2 天前
同事嫌参数校验太丑,我直接掏出了更优雅的 SpEL Validator
java·spring boot·后端
昵称为空C3 天前
SpringBoot3 http接口调用新方式RestClient + @HttpExchange像使用Feign一样调用
spring boot·后端
muyun28003 天前
Docker 下部署 Elasticsearch 8 并集成 Kibana 和 IK 分词器
elasticsearch·docker·容器