
With x-pack configured on Elasticsearch 6.6.X, how do I create a TransportClient in Java?

Elasticsearch | Author: sunshine_grand | Posted: 2019-04-12 | Views: 8100

Hi everyone!
I am currently using Elasticsearch 6.6.2 with x-pack configured and certificates set up. The configuration is as follows:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true

#enable PKI authentication
xpack.security.authc.realms.pki1.type: pki

#xpack.security.transport.ssl.key: certs/node-1/node-1.key
#xpack.security.transport.ssl.certificate: certs/node-1/node-1.crt
#xpack.security.transport.ssl.certificate_authorities: ["certs/ca/ca.crt"]

xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12

#set to optional to allow unauthorized client authorize with other certificate
xpack.security.transport.ssl.client_authentication: optional
 
In the Java project I create the TransportClient with the following settings:
Settings settings = Settings.builder()
        .put("cluster.name", clusterName)
        .put("xpack.security.user", username + ":" + password)
        .put("xpack.security.enabled", true)
        .put("xpack.security.transport.ssl.enabled", true)
//      .put("client.transport.sniff", true)
        .build();
After starting the Java project, the console reports this error:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
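My guess is that the Elasticsearch cluster's certificate has not been configured on the Java side. Does anyone know which of the cluster's certificates needs to be configured in Java? I tried the elastic-certificates.p12 generated by the cluster, and I also used the "Creating a client certificate" method from the English documentation to create a cer certificate and put it into the Java certificate store. Both report errors.
The Java error message is: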
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397) ~[na:1.8.0_191]
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) ~[na:1.8.0_191]
    at sun.security.validator.Validator.validate(Validator.java:262) ~[na:1.8.0_191]
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[na:1.8.0_191]
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) ~[na:1.8.0_191]
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[na:1.8.0_191]
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1626) ~[na:1.8.0_191]
    ... 27 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The Elasticsearch error message is:
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
Does anyone know how to solve this?
Many thanks~

sunshine_grand - post-90s female programmer

Upvoted by: laoyang360 wntp

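I looked through the official Elasticsearch documentation and found that it has a detailed explanation:
https://www.elastic.co/guide/e ... .html
So the answers to all questions can be found in the books, and there is no need to go to the trouble of asking Baidu.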

sunshine_grand - post-90s female programmer

Upvoted by: rochy

Comrades, I got it working!
1. Copy the elastic-certificates.p12 file from the /etc/elasticsearch/certs folder into the project directory, then configure Settings as follows:
        .put("xpack.security.enabled", true)
        .put("xpack.security.transport.ssl.enabled", true)
        .put("xpack.security.transport.ssl.keystore.path", "elastic-certificates.p12") // make sure this file is accessible
        .put("xpack.security.transport.ssl.truststore.path", "elastic-certificates.p12")
        .put("xpack.security.transport.ssl.verification_mode", "certificate")
Subsequent code:
TransportClient client = new PreBuiltXPackTransportClient(settings);
Then it is just addTransportAddress~
2. Configure elasticsearch.yml as follows:

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
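Note!! Do not add any extra settings, such as #xpack.security.transport.ssl.client_authentication: optional and the like. I put those in before I understood what any of them meant _(: 」∠)_, and then the connection failed...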
 
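Thanks, everyone! When I had pretty much given up hope, I found a post, and by comparing against it and fumbling around I stumbled onto the solution.
So never give up, no matter when.
Happy, off work~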
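
To see what the elastic-certificates.p12 used in the answer above actually provides as a keystore and as a truststore, the following added example (not part of the original posts) lists its entries with the JDK's KeyStore API and checks whether each key entry's certificate was signed by a trusted entry in the same file. The class name InspectP12 and the empty default password are assumptions; pass the path and password as arguments if yours differ.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
public class InspectP12 { // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Assumptions: file in the working directory, empty password unless one is given.
        String path = args.length > 0 ? args[0] : "elastic-certificates.p12";
        char[] password = args.length > 1 ? args[1].toCharArray() : new char[0];
        KeyStore store = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        List<X509Certificate> anchors = new ArrayList<>();    // trusted certificate entries
        List<X509Certificate> identities = new ArrayList<>(); // certificates of key entries
        for (String alias : Collections.list(store.aliases())) {
            Certificate cert = store.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) continue;
            X509Certificate x509 = (X509Certificate) cert;
            boolean isKey = store.isKeyEntry(alias);
            (isKey ? identities : anchors).add(x509);
            System.out.printf("%s %s subject=%s issuer=%s notAfter=%s%n",
                    isKey ? "[key entry]" : "[trusted cert]", alias, x509.getSubjectX500Principal(),
                    x509.getIssuerX500Principal(), x509.getNotAfter());
        }
        // Direct-issuer check only (no intermediates): was each key entry's
        // certificate signed by one of the trusted certificate entries in this file?
        for (X509Certificate leaf : identities) {
            System.out.println(leaf.getSubjectX500Principal()
                    + " signed by a trusted entry in this file: " + signedByAny(leaf, anchors));
        }
        if (anchors.isEmpty()) System.out.println("No trusted certificate entries found.");
    }

    static boolean signedByAny(X509Certificate leaf, List<X509Certificate> anchors) {
        for (X509Certificate ca : anchors) {
            try {
                leaf.verify(ca.getPublicKey());
                return true;
            } catch (Exception e) {
                // signature does not match this entry; try the next one
            }
        }
        return false;
    }
}
```

Run it against both the file copied into the project and the one the nodes load; differing issuers between the two are a common cause of the PKIX error quoted in the question.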
