java以SSL方式连ES

先做准备工作,浏览器方式访问 ES7.X url https://127.0.0.1:8027 弹出用户名和密码
输入后在浏览器得到
{
“name” : “DTCNPEMS04”,
“cluster_name” : “cnp-es-cluster”,
“cluster_uuid” : “wb0So_FqQBOKqtXnsqofTg”,
“version” : {
“number” : “7.14.1”,
“build_flavor” : “default”,
“build_type” : “docker”,
“build_hash” : “66b55ebfa59c92c15db3f69a335d500018b3331e”,
“build_date” : “2021-08-26T09:01:05.390870785Z”,
“build_snapshot” : false,
“lucene_version” : “8.9.0”,
“minimum_wire_compatibility_version” : “6.8.0”,
“minimum_index_compatibility_version” : “6.0.0-beta1”
},
“tagline” : “You Know, for Search”
}
说明浏览器可以获得SSL证书,然后用户可以按用户名/密码访问

后续思路就是从浏览器导出证书(略过),导入到JDK的security目录下,然后在代码里调用嵌入用户名和密码,SSL访问即可。

1) 假设浏览器导出证书为
java以SSL方式连ES_第1张图片

2) 将证书转换为cer格式
openssl x509 -outform der -in es-devtest -out es-devtest.cer

3) 将证书导入到JDK的security目录下
keytool -import -alias es-devtest -keystore $HOME/java/jdk-8u291-linux-x64/jdk1.8.0_291/jre/lib/security/cacerts -file es-devtest.cer -trustcacerts -storepass changeit

4) 代码

String username="elastic";
String password="123456789";

        CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
        credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(username, password));

        esClient = new RestHighLevelClient(
                RestClient.builder(HttpHost.create("https://127.0.0.1:8027"))
                        .setHttpClientConfigCallback(httpClientBuilder -> httpClientBuilder
                                .setDefaultCredentialsProvider(credentialsProvider))
        );

连接不报错,就是成功,之后可以操作索引

你可能感兴趣的:(java,ssl,elasticsearch)