PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilder...

Elasticsearch 8.4.3

spring-boot-starter-data-elasticsearch https连接es [PKIX path building failed, unable to find valid certification path to requested target]错误的解决方法

项目maven依赖

		
			org.springframework.boot
			spring-boot-starter
		

		
			org.springframework.boot
			spring-boot-starter-web
		

		
			org.springframework.boot
			spring-boot-starter-data-elasticsearch
		

		
			co.elastic.clients
			elasticsearch-java
			8.4.3
		

		
			com.fasterxml.jackson.core
			jackson-databind
			2.13.4
		







		
			org.projectlombok
			lombok
		

		
			org.springframework.boot
			spring-boot-starter-test
			test
		
	

elasticsearch certs文件目录

查找当前项目使用的 jdk home path

进入jdk home path下的的lib下的secruity目录，然后导入证书

cd /Users/yanghaoyuan/Library/Java/JavaVirtualMachines/corretto-18.0.2/Contents/Home/lib/security

keytool -import -alias cacerts -keystore cacerts -file /Users/yanghaoyuan/Desktop/elasticsearch-8.4.3/config/certs/http_ca.crt

yanghaoyuan@MAGIT02238 security % keytool -import -alias cacerts -keystore cacerts -file /Users/yanghaoyuan/Desktop/elasticsearch-8.4.3/config/certs/http_ca.crt
所有者: CN=Elasticsearch security auto-configuration HTTP CA
发布者: CN=Elasticsearch security auto-configuration HTTP CA
序列号: 94b866feae9ca4e530a4908be65e61c876832ebf
生效时间: Tue Oct 18 08:43:20 CST 2022, 失效时间: Fri Oct 17 08:43:20 CST 2025
证书指纹:
	 SHA1: AE:6C:27:36:0F:95:3D:86:56:90:20:36:3A:54:03:F2:83:6F:46:6F
	 SHA256: C9:F8:82:4D:9D:B9:17:70:E3:4B:03:AF:B1:6D:6D:0C:CF:A9:46:0E:2E:54:98:7E:0B:FB:AA:BF:B5:32:B2:AE
签名算法名称: SHA256withRSA
主体公共密钥算法: 4096 位 RSA 密钥
版本: 3

扩展: 

#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 38 D9 54 2B 6A 94 85 A4   7A 7A E0 E7 A5 62 CE 89  8.T+j...zz...b..
0010: 1A EA A6 30                                        ...0
]
]

#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen: no limit
]

#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 38 D9 54 2B 6A 94 85 A4   7A 7A E0 E7 A5 62 CE 89  8.T+j...zz...b..
0010: 1A EA A6 30                                        ...0
]
]

是否信任此证书? [否]:  是 
证书已添加到密钥库中

elasticsearch8.4.3 的https 连接配置

两种方式：

第一种方式

在application.yml 配置es连接凭证和连接地址，spring-boot-starter-data- elasticsearch依赖jar会读取配置自动初始化RestHighLevelClient

spring:
 elasticsearch:
   rest:
     uris: https://localhost:9200
     read-timeout: 10s
     username: "elastic"
     password: "BGF+ExXQJ7W4vOd+*a*d"

第二种方式：

如下写配置类

@Configuration
@EnableReactiveElasticsearchRepositories(basePackages = "com.im.elasticsearch.repository")
public class Config extends AbstractElasticsearchConfiguration {

    @Value("${elasticsearch.url}")
    public String elasticsearchUrl;

    @Bean
    @Override
    public RestHighLevelClient elasticsearchClient() {

            final ClientConfiguration configuration =
                    ClientConfiguration.builder()
                .connectedTo(elasticsearchUrl)
                    .usingSsl()
                .withBasicAuth("elastic", "BGF+ExXQJ7W4vOd+*a*d")
                .build();
        return RestClients.create(configuration).rest();

//        final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
//        credentialsProvider.setCredentials(AuthScope.ANY,
//                new UsernamePasswordCredentials("elastic", "BGF+ExXQJ7W4vOd+*a*d"));
//
//        RestClientBuilder restClientBuilder = RestClient.builder(
//                new HttpHost("localhost", 9200, "https")
//        );
//        RestClient restClient = restClientBuilder.setHttpClientConfigCallback(
//                new RestClientBuilder.HttpClientConfigCallback() {
//                    @Override
//                    public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpAsyncClientBuilder) {
//                        return httpAsyncClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
//                    }
//                }
//        ).build();
//
//        return new RestHighLevelClientBuilder(restClient)
//                .setApiCompatibilityMode(true)
//                .build();

    }
}

OK