不为失败找理由,要为成功找方法。

使用spring-data-elasticsearch报错unable to find valid certification path to requested target

Elasticsearch | 作者 HeyChiang | 发布于2021年06月24日 | 阅读数:3899
分享到:QQ空间新浪微博微信QQ好友印象笔记有道云笔记
版本elasticsearch集群7.13.2版本
spring-data-elasticsearch使用4.2.1版本
jdk 1.8版本
 
问题
我在集群里面做了TLS,使用下面Java代码进行访问es的时候就报错。
 
错误
java.lang.IllegalStateException: Failed to execute CommandLineRunner

	at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:794) [spring-boot-2.5.1.jar:2.5.1]

	at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:775) [spring-boot-2.5.1.jar:2.5.1]

	at org.springframework.boot.SpringApplication.run(SpringApplication.java:345) [spring-boot-2.5.1.jar:2.5.1]

	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1343) [spring-boot-2.5.1.jar:2.5.1]

	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1332) [spring-boot-2.5.1.jar:2.5.1]

	at com.chiang.elastic.Application.main(Application.java:23) [classes/:na]

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

	at org.elasticsearch.client.RestClient.extractAndWrapCause(RestClient.java:875) ~[elasticsearch-rest-client-7.12.1.jar:7.12.1]

	at org.elasticsearch.client.RestClient.performRequest(RestClient.java:283) ~[elasticsearch-rest-client-7.12.1.jar:7.12.1]

	at org.elasticsearch.client.RestClient.performRequest(RestClient.java:270) ~[elasticsearch-rest-client-7.12.1.jar:7.12.1]

	at org.elasticsearch.client.RestHighLevelClient.internalPerformRequest(RestHighLevelClient.java:1654) ~[elasticsearch-rest-high-level-client-7.12.1.jar:7.12.1]

	at org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1624) ~[elasticsearch-rest-high-level-client-7.12.1.jar:7.12.1]

	at org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1594) ~[elasticsearch-rest-high-level-client-7.12.1.jar:7.12.1]

	at org.elasticsearch.client.RestHighLevelClient.index(RestHighLevelClient.java:1011) ~[elasticsearch-rest-high-level-client-7.12.1.jar:7.12.1]

	at com.chiang.elastic.service.ElasticClient.indexRequest(ElasticClient.java:40) ~[classes/:na]

	at com.chiang.elastic.Application.run(Application.java:28) [classes/:na]

	at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:791) [spring-boot-2.5.1.jar:2.5.1]

	... 5 common frames omitted

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

	at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[na:1.8.0_281]

	at sun.security.ssl.TransportContext.fatal(TransportContext.java:353) ~[na:1.8.0_281]

	at sun.security.ssl.TransportContext.fatal(TransportContext.java:296) ~[na:1.8.0_281]

	at sun.security.ssl.TransportContext.fatal(TransportContext.java:291) ~[na:1.8.0_281]

	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:652) ~[na:1.8.0_281]

	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:471) ~[na:1.8.0_281]

	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:367) ~[na:1.8.0_281]

	at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:376) ~[na:1.8.0_281]

	at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444) ~[na:1.8.0_281]

	at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:983) ~[na:1.8.0_281]

	at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:970) ~[na:1.8.0_281]

	at java.security.AccessController.doPrivileged(Native Method) ~[na:1.8.0_281]

	at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:917) ~[na:1.8.0_281]

	at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:285) ~[httpcore-nio-4.4.12.jar:4.4.12]

	at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:345) ~[httpcore-nio-4.4.12.jar:4.4.12]

	at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:523) ~[httpcore-nio-4.4.12.jar:4.4.12]

	at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:120) ~[httpcore-nio-4.4.12.jar:4.4.12]

	at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162) ~[httpcore-nio-4.4.12.jar:4.4.12]

	at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337) ~[httpcore-nio-4.4.12.jar:4.4.12]

	at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315) ~[httpcore-nio-4.4.12.jar:4.4.12]

	at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276) ~[httpcore-nio-4.4.12.jar:4.4.12]

	at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104) ~[httpcore-nio-4.4.12.jar:4.4.12]

	at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:591) ~[httpcore-nio-4.4.12.jar:4.4.12]

	at java.lang.Thread.run(Thread.java:748) ~[na:1.8.0_281]

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[na:1.8.0_281]

	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[na:1.8.0_281]

	at sun.security.validator.Validator.validate(Validator.java:271) ~[na:1.8.0_281]

	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:312) ~[na:1.8.0_281]

	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:275) ~[na:1.8.0_281]

	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:140) ~[na:1.8.0_281]

	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:630) ~[na:1.8.0_281]

	... 19 common frames omitted

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[na:1.8.0_281]

	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[na:1.8.0_281]

	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[na:1.8.0_281]

	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[na:1.8.0_281]

	... 25 common frames omitted





Process finished with exit code 1

 
代码
@Configuration

public class RestClientConfig extends AbstractElasticsearchConfiguration {



    @Override

    @Bean

    public RestHighLevelClient elasticsearchClient() {

        final ClientConfiguration clientConfiguration = ClientConfiguration.builder()

                .connectedTo("192.168.xxx.xxx:9200")

                .usingSsl()

                .withBasicAuth("elastic","QYXT4QD56ChndEoxxxxT")

                .build();



        return RestClients.create(clientConfiguration).rest();

    }

}
2021-06-24 添加评论

没有找到相关结果

    已邀请:

    lewis

    赞同来自:

    unable to find valid certification path to requested target、在给定的目标没有找到证书啊;
    一般情况下、9300加证书就行、9200可以不加
    2021-06-24 0 3
    分享
    匿名用户

    匿名用户

    赞同来自:

    你这明显是证书有错误.
    一看就是自己拿java keytool工具生成的.
     
     
     
    2021-06-24 0 0
    分享

    HeyChiang

    赞同来自:

    问题已经解决。
     
    直接使用ca.crt保存在jdk路径就可以了,这个ca.crt证书来自官网ElastichSearch Stack的Docker自动生成的,存入证书的命令为:
    keytool -import -alias elastic -keystore cacerts -file 'D:\ca.crt' -storepass changeit
    2021-07-01 0 0
    分享
    为什么被折叠? 0 个回复被折叠

    要回复问题请先登录注册

    Copyright © 2024 · CC BY-NC-SA 3.0

    本站服务器及带宽由 提供赞助