因为docker服务端安装的是9.0.3版本
引依赖也用该版本
<dependency>
<groupId>co.elastic.clients</groupId>
<artifactId>elasticsearch-java</artifactId>
<version>9.0.3</version>
</dependency>写个测试方法
@Test
void test() throws IOException {
// System.out.println(client);
// System.setProperty("javax.net.ssl.trustStore", "NONE");
// System.setProperty("javax.net.ssl.trustStoreType", "NONE");
String serverUrl = "https://192.168.68.238:9200";
String apiKey = "T0NBdVFwZ0ItSUhuamtlUDVpbHY6Zl9VaENxLW5TaFVERkQ2WWpGa3dBdw==";
ElasticsearchClient esClient = ElasticsearchClient.of(b -> b
.host(serverUrl)
.apiKey(apiKey)
);
GetResponse<String> response = esClient.get(g -> g
.index("my-index")
.id("cI3uQZgBlzzUuWKk0CXQ"),
String.class
);
System.out.println(response);但是启动默认就报错
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:388) at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:271) at java.base/sun.security.validator.Validator.validate(Validator.java:256) at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:284) at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1296) ... 19 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:148) at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:129) at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:383) ... 24 more看错误信息找不到证书
建议别的方法什么禁用什么的就别试了,正常方法是把ssl证书导入到java证书库中
1.下载证书
openssl s_client -connect 192.168.68.238:9200 < /dev/null 2>/dev/null | openssl x509 > elasticsearch.crt
2.将证书复制到java目录中(很重要,一般java都是program file目录中,也就是中间有空格,赋值到该目录能避免很多麻烦)
3.管理员模式(很关键)打开cmd执行
.\bin\keytool.exe -import -alias elasticsearch-server -keystore .\lib\security\cacerts -file elasticsearch.crt
选择y
C:\Program Files\Java\jdk-21>.\bin\keytool.exe -import -alias elasticsearch-server -keystore .\lib\security\cacerts -fil
e elasticsearch.crt
警告: 使用 -cacerts 选项访问 cacerts 密钥库
所有者: CN=577c1db50d5c
发布者: CN=Elasticsearch security auto-configuration HTTP CA
序列号: 8f1cc55f03e5947e2a80c82e135a923b74e79c3d
生效时间: Fri Jul 25 20:45:21 CST 2025, 失效时间: Sun Jul 25 20:45:21 CST 2027
证书指纹:
SHA1: CA:22:49:56:75:A1:DE:A2:EA:1F:15:0A:E5:B5:24:85:83:B7:C8:D0
SHA256: 47:07:3D:90:9F:9E:5C:CB:34:55:1C:BE:B1:4D:B3:5D:95:D1:75:0C:52:0A:F8:E4:2D:5C:55:FC:67:43:ED:30
签名算法名称: SHA256withRSA
主体公共密钥算法: 4096 位 RSA 密钥
版本: 3
扩展:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: E6 1C C8 6A 3C C7 F8 20 F2 A1 41 54 B1 0B 3E 24 ...j<.. ..AT..>$
0010: 4D 75 EA 19 Mu..
]
]
#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
#3: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
]
#4: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
#5: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: 577c1db50d5c
IPAddress: 0:0:0:0:0:0:0:1
IPAddress: 127.0.0.1
IPAddress: 172.20.0.2
DNSName: localhost
]
#6: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: A0 91 72 1E 9F 16 C4 00 C9 C7 FE F8 C6 2D FD F0 ..r..........-..
0010: 08 15 FE 60 ...`
]
]
是否信任此证书? [否]: y
证书已添加到密钥库中
C:\Program Files\Java\jdk-21>关键步骤:cmd管理模式,不要使用JAVA_HOME环境变量,不要选择在带空格的目录