6.6.X版本的es配置了x-pack之后,如何在java中创建transportClient
Elasticsearch | 作者 sunshine_grand | 发布于2019年04月12日 | 阅读数:8740
大家好!
我现在用的6.6.2版本的elasticsearch,配置了xpack,并且设置了证书配置,配置项如下
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
#enable PKI authentication
xpack.security.authc.realms.pki1.type: pki
#xpack.security.transport.ssl.key: certs/node-1/node-1.key
#xpack.security.transport.ssl.certificate: certs/node-1/node-1.crt
#xpack.security.transport.ssl.certificate_authorities: ["certs/ca/ca.crt"]
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
#set to optional to allow unauthorized client authorize with other certificate
xpack.security.transport.ssl.client_authentication: optional
在java项目中创建TransportClient,配置项如下:
Settings settings = Settings.builder()
.put("cluster.name", clusterName)
.put("xpack.security.user", username+":"+password)
.put("xpack.security.enabled",true)
.put("xpack.security.transport.ssl.enabled", true)
// .put("client.transport.sniff", true)
启动java项目后,控制台报错:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
个人推测,这个应该是java里没有配置elasticsearch集群的证书,想请问一下,有没有大佬知道,要在java里面配置集群的哪个证书?我试了集群生成的elastic-certificates.p12,还有英文文档里的Creating a client certificate方法创建cer证书然后放到java的证书库里,都报错,
java报错信息为:
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397) ~[na:1.8.0_191]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) ~[na:1.8.0_191]
at sun.security.validator.Validator.validate(Validator.java:262) ~[na:1.8.0_191]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[na:1.8.0_191]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) ~[na:1.8.0_191]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[na:1.8.0_191]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1626) ~[na:1.8.0_191]
... 27 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
es报错信息为:
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
请问有没有大佬知道怎么解决?
拜谢~
我现在用的6.6.2版本的elasticsearch,配置了xpack,并且设置了证书配置,配置项如下
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
#enable PKI authentication
xpack.security.authc.realms.pki1.type: pki
#xpack.security.transport.ssl.key: certs/node-1/node-1.key
#xpack.security.transport.ssl.certificate: certs/node-1/node-1.crt
#xpack.security.transport.ssl.certificate_authorities: ["certs/ca/ca.crt"]
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
#set to optional to allow unauthorized client authorize with other certificate
xpack.security.transport.ssl.client_authentication: optional
在java项目中创建TransportClient,配置项如下:
Settings settings = Settings.builder()
.put("cluster.name", clusterName)
.put("xpack.security.user", username+":"+password)
.put("xpack.security.enabled",true)
.put("xpack.security.transport.ssl.enabled", true)
// .put("client.transport.sniff", true)
启动java项目后,控制台报错:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
个人推测,这个应该是java里没有配置elasticsearch集群的证书,想请问一下,有没有大佬知道,要在java里面配置集群的哪个证书?我试了集群生成的elastic-certificates.p12,还有英文文档里的Creating a client certificate方法创建cer证书然后放到java的证书库里,都报错,
java报错信息为:
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397) ~[na:1.8.0_191]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) ~[na:1.8.0_191]
at sun.security.validator.Validator.validate(Validator.java:262) ~[na:1.8.0_191]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[na:1.8.0_191]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) ~[na:1.8.0_191]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[na:1.8.0_191]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1626) ~[na:1.8.0_191]
... 27 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
es报错信息为:
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
请问有没有大佬知道怎么解决?
拜谢~
2 个回复
sunshine_grand - 90后程序媛
赞同来自: laoyang360 、wntp
https://www.elastic.co/guide/e ... .html,
所以说所有问题的答案在书中都能找到,并不需要费神去问度娘
sunshine_grand - 90后程序媛
赞同来自: rochy
1、把/etc/elasticsearch/certs文件夹下的elastic-certificates.p12文件拷到项目目录下,然后Settings配置如下:
.put("xpack.security.enabled",true)
.put("xpack.security.transport.ssl.enabled", true)
.put("xpack.security.transport.ssl.keystore.path","elastic-certificates.p12")//这里的文件要保证能访问到
.put("xpack.security.transport.ssl.truststore.path","elastic-certificates.p12")
.put("xpack.security.transport.ssl.verification_mode","certificate")
后续代码:
TransportClient client = new PreBuiltXPackTransportClient(settings);
然后就是addTransportAddress了~
2、elasticsearch.yml配置如下:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
注意!!不要添加任何额外的配置,像#xpack.security.transport.ssl.client_authentication: optional这之类的,我还没搞明白这都是啥意思就放上了_(: 」∠)_,然后就连不上了。。。
感谢大家!在我都没报啥希望的情况下,搜到了一篇帖子,然后对比着乱撞撞出来了
所以说任何时候不要放弃呀
开森,下班~