Error: :Received fatal alert: handshake_failure:javax.net.ssl.SSLHandshakeException, While connecting to the elasticsearch using java REST client

☆樱花仙子☆ submitted on 2021-01-28 09:14:35

Question


  1. java-version: 1.8
  2. elastic-version: 7.10
  3. ubuntu: 18.04LTS

I am trying to connect to Elasticsearch using Java. We have already set up security in Elasticsearch using X-Pack security, and Elasticsearch is password protected and working fine, but the problem occurs when I try to establish a secure Elasticsearch connection using Java.

NOTE: Elasticsearch and Java are on different Linux machines.

I added these parameters in elasticsearch.yml:

cluster.name: la-test-elastic-2
network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

I also created a certificate authority for the Elasticsearch cluster using:

bin/elasticsearch-certutil ca

and generated a certificate and private key for each node in the cluster with the elasticsearch-certutil cert command:

bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

Java code using the REST client:

String keyStorePass = "";       
Path trustStorePath = Paths.get("lib/elastic-certificates.p12");
KeyStore truststore = KeyStore.getInstance("pkcs12");
try (InputStream is = Files.newInputStream(trustStorePath)) {
    truststore.load(is, keyStorePass.toCharArray());
}
SSLContextBuilder sslBuilder = SSLContexts.custom().loadTrustMaterial(truststore, null);
final SSLContext sslContext = sslBuilder.build();       
final CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("elastic", "elastic"));
// 3. Support multiple host addresses (comma-separated)
String[] hosts = elasticHost.split(",");
HttpHost[] httpHosts = Arrays.stream(hosts)
        .map(host -> new HttpHost(host.trim(), elasticPort, "https"))
        .collect(Collectors.toList())
        .toArray(new HttpHost[hosts.length]);
// 4. Build the low-level client
RestClientBuilder builder = RestClient.builder(httpHosts)
        .setHttpClientConfigCallback(new HttpClientConfigCallback() {
            @Override
            public HttpAsyncClientBuilder customizeHttpClient(
                    HttpAsyncClientBuilder httpClientBuilder) {

                        // set Basic credentials
                        httpClientBuilder.setDefaultCredentialsProvider(credsProvider);
                        // set SSL context
                        return httpClientBuilder.setSSLContext(sslContext);
                    }
        });  
// 5. Build the high-level client
client = new RestHighLevelClient(builder);
// try to search an existing index
SearchRequest searchRequest = new SearchRequest("idx");
SearchResponse searchResponse = client.search(searchRequest, RequestOptions.DEFAULT);
System.out.println("searchResponse : " + searchResponse.toString());

I found the above code, but my question is: what path should I mention in the 2nd line of the code, i.e.:

Path trustStorePath = Paths.get("lib/elastic-certificates.p12");  // I tried giving /etc/elasticsearch/elastic-certificates.p12 but got a no-such-file exception

and my second doubt is, what is:

KeyStore truststore = KeyStore.getInstance("pkcs12");

Which file should I give here?

If I run the exact code above, then I get this error:

Error: :Received fatal alert: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at org.elasticsearch.client.RestClient.extractAndWrapCause(RestClient.java:860)
        at org.elasticsearch.client.RestClient.performRequest(RestClient.java:275)
        at org.elasticsearch.client.RestClient.performRequest(RestClient.java:262)
        at org.elasticsearch.client.RestHighLevelClient.internalPerformRequest(RestHighLevelClient.java:1632)
        at org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1602)
        at org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1572)
        at org.elasticsearch.client.RestHighLevelClient.search(RestHighLevelClient.java:1088)
        at testsecureelastic.TestSecureElasticConnection.getElasticConnectionOther(TestSecureElasticConnection.java:164)
        at testsecureelastic.TestSecureElasticConnection.main(TestSecureElasticConnection.java:279)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at sun.security.ssl.Alert.createSSLException(Alert.java:131)
        at sun.security.ssl.Alert.createSSLException(Alert.java:117)
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:311)
        at sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
        at sun.security.ssl.TransportContext.dispatch(TransportContext.java:185)
        at sun.security.ssl.SSLTransport.decode(SSLTransport.java:149)
        at sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:575)
        at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:531)
        at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:398)
        at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:377)
        at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:626)
        at org.apache.http.nio.reactor.ssl.SSLIOSession.doUnwrap(SSLIOSession.java:271)
        at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:316)
        at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:509)
        at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:120)
        at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162)
        at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337)
        at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315)
        at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276)
        at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104)
        at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:591)
        at java.lang.Thread.run(Thread.java:748)

Source: https://stackoverflow.com/questions/65234013/error-received-fatal-alert-handshake-failurejavax-net-ssl-sslhandshakeexcept
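
The two points raised in the question (where the truststore path is resolved, and what the "pkcs12" argument means) can be checked outside the REST client. The following is an added example, not code from the original post; the class name TrustStoreCheck and its command-line arguments are hypothetical, and it uses only standard JDK classes. It loads the PKCS#12 file on the client machine, copies certificates only (no private keys) into an in-memory truststore, and optionally attempts a bare TLS handshake.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.*;

public class TrustStoreCheck {
    // Hypothetical usage: java TrustStoreCheck <p12-path> <password> [host port]
    public static void main(String[] args) throws Exception {
        // The path is resolved on the machine running this JVM, not on the Elasticsearch node.
        Path p12 = Paths.get(args[0]).toAbsolutePath();
        if (!Files.isReadable(p12)) throw new NoSuchFileException(p12.toString());
        // "PKCS12" names the keystore file format; the file itself is supplied to load().
        KeyStore source = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(p12)) {
            source.load(in, args[1].toCharArray());
        }
        // Build an in-memory truststore that holds certificates only.
        KeyStore trustOnly = KeyStore.getInstance(KeyStore.getDefaultType());
        trustOnly.load(null, null);
        for (String alias : Collections.list(source.aliases())) {
            Certificate anchor = source.getCertificate(alias);
            if (source.isKeyEntry(alias)) {
                Certificate[] chain = source.getCertificateChain(alias);
                if (chain == null || chain.length == 0) continue;
                anchor = chain[chain.length - 1]; // issuer at the top of the stored chain
                System.out.println("'" + alias + "' holds a private key; only its issuer cert is copied");
            }
            trustOnly.setCertificateEntry(alias, anchor);
            System.out.println("trust anchor: " + ((X509Certificate) anchor).getSubjectX500Principal());
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustOnly);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        if (args.length >= 4) { // optional: bare handshake, independent of the REST client
            try (SSLSocket s = (SSLSocket) ctx.getSocketFactory()
                    .createSocket(args[2], Integer.parseInt(args[3]))) {
                s.startHandshake(); // throws SSLHandshakeException if the handshake fails
                System.out.println(s.getSession().getProtocol() + " / " + s.getSession().getCipherSuite());
            }
        }
    }
}
```

The handshake step validates the certificate chain but does not check the hostname. The `xpack.security.transport.ssl.*` settings shown in the question configure node-to-node traffic; TLS on the REST port is controlled by the separate `xpack.security.http.ssl.*` settings.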
