将 Elasticsearch Java REST API 与自签名证书一起使用

Using Elasticsearch Java REST API with self signed certificates(将 Elasticsearch Java REST API 与自签名证书一起使用)

问题描述

我想使用 Java REST API (RestHighLevelClient) 通过 HTTPS 与 Elasticsearch 5.6 服务器进行通信.但是，服务器的证书是自签名的，当我尝试连接时，它会引发 SSLHandshakeException.

I want to use the Java REST API (RestHighLevelClient) to communicate with an Elasticsearch 5.6 server over HTTPS. However, the certificate for the server is self signed and when I try to connect it throws a SSLHandshakeException.

有没有办法将 REST 客户端配置为接受自签名证书?

Is there a way of configuring the REST client to accept self signed certificates?

推荐答案

我使用自定义 Java Key Store 来实现这个功能.这是我的代码:

I got this working using a custom Java Key Store. Here's my code:

CredentialsProvider credentialsProvider = new BasicCredentialsProvider(); credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(username, password));

final SSLContext sslContext = SSLContexts.custom()
        .loadTrustMaterial(new File("my_keystore.jks"), keystorePassword.toCharArray(),
            new TrustSelfSignedStrategy())
        .build();


RestClient client = RestClient.builder(new HttpHost(host, port, scheme)).setHttpClientConfigCallback(httpClientBuilder -> httpClientBuilder
        .setDefaultCredentialsProvider(credentialsProvider)
        .setSSLContext(sslContext)
).build();

为了创建密钥库，我通过 Firefox 下载了域的证书，并使用了:

To create the keystore, I downloaded the cert for the domain through Firefox, and used:

keytool -import -v -trustcacerts -file my_domain.crt -keystore my_keystore.jks -keypass password -storepass password

这篇关于将 Elasticsearch Java REST API 与自签名证书一起使用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持编程学习网！