使用 man ascii 来查看 ASCII 表。

使用spring-data-elasticsearch报错unable to find valid certification path to requested target

Elasticsearch | 作者 HeyChiang | 发布于2021年06月24日 | 阅读数:4089

版本elasticsearch集群7.13.2版本
spring-data-elasticsearch使用4.2.1版本
jdk 1.8版本
 
问题
我在集群里面做了TLS,使用下面Java代码进行访问es的时候就报错。
 
错误
java.lang.IllegalStateException: Failed to execute CommandLineRunner
at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:794) [spring-boot-2.5.1.jar:2.5.1]
at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:775) [spring-boot-2.5.1.jar:2.5.1]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:345) [spring-boot-2.5.1.jar:2.5.1]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1343) [spring-boot-2.5.1.jar:2.5.1]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1332) [spring-boot-2.5.1.jar:2.5.1]
at com.chiang.elastic.Application.main(Application.java:23) [classes/:na]
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.elasticsearch.client.RestClient.extractAndWrapCause(RestClient.java:875) ~[elasticsearch-rest-client-7.12.1.jar:7.12.1]
at org.elasticsearch.client.RestClient.performRequest(RestClient.java:283) ~[elasticsearch-rest-client-7.12.1.jar:7.12.1]
at org.elasticsearch.client.RestClient.performRequest(RestClient.java:270) ~[elasticsearch-rest-client-7.12.1.jar:7.12.1]
at org.elasticsearch.client.RestHighLevelClient.internalPerformRequest(RestHighLevelClient.java:1654) ~[elasticsearch-rest-high-level-client-7.12.1.jar:7.12.1]
at org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1624) ~[elasticsearch-rest-high-level-client-7.12.1.jar:7.12.1]
at org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1594) ~[elasticsearch-rest-high-level-client-7.12.1.jar:7.12.1]
at org.elasticsearch.client.RestHighLevelClient.index(RestHighLevelClient.java:1011) ~[elasticsearch-rest-high-level-client-7.12.1.jar:7.12.1]
at com.chiang.elastic.service.ElasticClient.indexRequest(ElasticClient.java:40) ~[classes/:na]
at com.chiang.elastic.Application.run(Application.java:28) [classes/:na]
at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:791) [spring-boot-2.5.1.jar:2.5.1]
... 5 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[na:1.8.0_281]
at sun.security.ssl.TransportContext.fatal(TransportContext.java:353) ~[na:1.8.0_281]
at sun.security.ssl.TransportContext.fatal(TransportContext.java:296) ~[na:1.8.0_281]
at sun.security.ssl.TransportContext.fatal(TransportContext.java:291) ~[na:1.8.0_281]
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:652) ~[na:1.8.0_281]
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:471) ~[na:1.8.0_281]
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:367) ~[na:1.8.0_281]
at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:376) ~[na:1.8.0_281]
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444) ~[na:1.8.0_281]
at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:983) ~[na:1.8.0_281]
at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:970) ~[na:1.8.0_281]
at java.security.AccessController.doPrivileged(Native Method) ~[na:1.8.0_281]
at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:917) ~[na:1.8.0_281]
at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:285) ~[httpcore-nio-4.4.12.jar:4.4.12]
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:345) ~[httpcore-nio-4.4.12.jar:4.4.12]
at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:523) ~[httpcore-nio-4.4.12.jar:4.4.12]
at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:120) ~[httpcore-nio-4.4.12.jar:4.4.12]
at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162) ~[httpcore-nio-4.4.12.jar:4.4.12]
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337) ~[httpcore-nio-4.4.12.jar:4.4.12]
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315) ~[httpcore-nio-4.4.12.jar:4.4.12]
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276) ~[httpcore-nio-4.4.12.jar:4.4.12]
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104) ~[httpcore-nio-4.4.12.jar:4.4.12]
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:591) ~[httpcore-nio-4.4.12.jar:4.4.12]
at java.lang.Thread.run(Thread.java:748) ~[na:1.8.0_281]
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[na:1.8.0_281]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[na:1.8.0_281]
at sun.security.validator.Validator.validate(Validator.java:271) ~[na:1.8.0_281]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:312) ~[na:1.8.0_281]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:275) ~[na:1.8.0_281]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:140) ~[na:1.8.0_281]
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:630) ~[na:1.8.0_281]
... 19 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[na:1.8.0_281]
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[na:1.8.0_281]
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[na:1.8.0_281]
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[na:1.8.0_281]
... 25 common frames omitted


Process finished with exit code 1

 
代码
@Configuration
public class RestClientConfig extends AbstractElasticsearchConfiguration {

@Override
@Bean
public RestHighLevelClient elasticsearchClient() {
final ClientConfiguration clientConfiguration = ClientConfiguration.builder()
.connectedTo("192.168.xxx.xxx:9200")
.usingSsl()
.withBasicAuth("elastic","QYXT4QD56ChndEoxxxxT")
.build();

return RestClients.create(clientConfiguration).rest();
}
}
已邀请:

lewis

赞同来自:

unable to find valid certification path to requested target、在给定的目标没有找到证书啊;
一般情况下、9300加证书就行、9200可以不加
匿名用户

匿名用户

赞同来自:

你这明显是证书有错误.
一看就是自己拿java keytool工具生成的.
 
 
 

HeyChiang

赞同来自:

问题已经解决。
 
直接使用ca.crt保存在jdk路径就可以了,这个ca.crt证书来自官网ElastichSearch Stack的Docker自动生成的,存入证书的命令为:
keytool -import -alias elastic -keystore cacerts -file 'D:\ca.crt' -storepass changeit

要回复问题请先登录注册