结合使用Elasticsearch Java REST API和自签名证书 [英] Using Elasticsearch Java REST API with self signed certificates
本文介绍了结合使用Elasticsearch Java REST API和自签名证书的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我想使用Java REST API(RestHighLevelClient)通过HTTPS与Elasticsearch 5.6服务器通信.但是,服务器的证书是自签名的,当我尝试连接时会抛出SSLHandshakeException.
I want to use the Java REST API (RestHighLevelClient) to communicate with an Elasticsearch 5.6 server over HTTPS. However, the certificate for the server is self signed and when I try to connect it throws a SSLHandshakeException.
是否可以将REST客户端配置为接受自签名证书?
Is there a way of configuring the REST client to accept self signed certificates?
推荐答案
我使用自定义Java密钥库来完成此工作.这是我的代码:
I got this working using a custom Java Key Store. Here's my code:
CredentialsProvider credentialsProvider = new BasicCredentialsProvider(); credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(username, password));
final SSLContext sslContext = SSLContexts.custom()
.loadTrustMaterial(new File("my_keystore.jks"), keystorePassword.toCharArray(),
new TrustSelfSignedStrategy())
.build();
RestClient client = RestClient.builder(new HttpHost(host, port, scheme)).setHttpClientConfigCallback(httpClientBuilder -> httpClientBuilder
.setDefaultCredentialsProvider(credentialsProvider)
.setSSLContext(sslContext)
).build();
要创建密钥库,我通过Firefox下载了该域的证书,并使用:
To create the keystore, I downloaded the cert for the domain through Firefox, and used:
keytool -import -v -trustcacerts -file my_domain.crt -keystore my_keystore.jks -keypass password -storepass password
这篇关于结合使用Elasticsearch Java REST API和自签名证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文