springboot使用ssl连接elasticsearch

使用es时ssl证书报错 unable to find valid certification path to requested target

1.依赖

bash 复制代码
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-elasticsearch</artifactId>
        </dependency>

2.配置证书

ssl证书转换

bash 复制代码
keytool -import -alias mycert -file mycert.cer -keystore mytruststore.jks -storepass mytruststorepassword

application.yaml配置

bash 复制代码
spring:  
  elasticsearch:
    key-store: classpath:ssl/truststore.jks
    key-store-password: test123..
    username: admin
    password: xxx
    #不用带协议
    uris: xxxxx:9200

配置类

bash 复制代码
package com.echosell.spider.appspider.config;

import com.echosell.spider.appspider.entity.properties.EsProperties;
import lombok.extern.slf4j.Slf4j;
import org.elasticsearch.client.RestHighLevelClient;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceLoader;
import org.springframework.data.elasticsearch.client.ClientConfiguration;
import org.springframework.data.elasticsearch.client.RestClients;
import org.springframework.data.elasticsearch.core.ElasticsearchRestTemplate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.security.KeyStore;

/**
 * @author 张子一
 * @project echosell-spider
 * @description es配置
 * @date 2025年01月20日*
 */
@Configuration
@Slf4j
public class ElasticsearchTemplateConfig {

    @Autowired
    EsProperties esProperties;
    @Autowired
    ResourceLoader resourceLoader;

    @Bean
    public RestHighLevelClient restHighLevelClient() throws Exception {
        ClientConfiguration clientConfiguration = ClientConfiguration.builder().connectedTo(esProperties.getUris())
                .usingSsl(createSSLContext(esProperties.getKeyStore(), esProperties.getKeyStorePassword()))
                .withBasicAuth(esProperties.getUsername(), esProperties.getPassword())
                .build();
        return RestClients.create(clientConfiguration).rest();
    }

    @Bean
    public ElasticsearchRestTemplate elasticsearchRestTemplate(RestHighLevelClient restHighLevelClient){
        return new ElasticsearchRestTemplate(restHighLevelClient);
    }




    private SSLContext createSSLContext(String keyStorePath, String keyStorePassword) throws Exception {
//        // 加载密钥库
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        Resource resource = resourceLoader.getResource(keyStorePath);
        // 读取文件内容...
        try (FileInputStream fileInputStream = new FileInputStream(resource.getFile())) {
            trustStore.load(fileInputStream, keyStorePassword.toCharArray());
        }

        // 创建信任管理器工厂
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);
        // 初始化 SSLContext
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, trustManagerFactory.getTrustManagers(), null);

        return sslContext;
    }

}

3.信任所有证书(无证书使用)

bash 复制代码
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, new TrustManager[]{new X509TrustManager() {
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}}, new SecureRandom());

直接使用ElasticsearchRestTemplate即可

4.介绍

网上百度无结果,查看了部分结果发现 RestHighLevelClient 使用的SSLContext,且默认使用的系统默认证书 ,将自己的证书导入 SSLContext,封装到RestHighLevelClient即可。

相关推荐
ladymorgana1 小时前
【Spring Boot】HikariCP 连接池 YAML 配置详解
spring boot·后端·mysql·连接池·hikaricp
huisheng_qaq3 小时前
【ElasticSearch实用篇-01】需求分析和数据制造
大数据·elasticsearch·制造
GJCTYU3 小时前
spring中@Transactional注解和事务的实战理解附代码
数据库·spring boot·后端·spring·oracle·mybatis
风象南4 小时前
SpringBoot敏感配置项加密与解密实战
java·spring boot·后端
写不出来就跑路5 小时前
暑期实习感悟与经验分享:从校园到职场的成长之路
java·开发语言·经验分享·spring boot
程序员张39 小时前
Maven编译和打包插件
java·spring boot·maven
灵犀学长11 小时前
EasyExcel之SheetWriteHandler:解锁Excel写入的高阶玩法
spring boot·excel
zwjapple11 小时前
docker-compose一键部署全栈项目。springboot后端,react前端
前端·spring boot·docker
诗句藏于尽头12 小时前
完成ssl不安全警告
网络协议·安全·ssl
DuelCode14 小时前
Windows VMWare Centos Docker部署Springboot 应用实现文件上传返回文件http链接
java·spring boot·mysql·nginx·docker·centos·mybatis