Springboot项目配置Elasticsearch，设置账号密码后报javax.net.ssl.SSLHandshakeException: General SSLEngine problem

ES 报错：javax.net.ssl.SSLHandshakeException: General SSLEngine problem

慢半拍的学长

6067人浏览 · 2022-07-28 17:04:00

慢半拍的学长 · 2022-07-28 17:04:00 发布

报错：
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at org.elasticsearch.client.RestClient$SyncResponseListener.get(RestClient.java:947)
at org.elasticsearch.client.RestClient.performRequest(RestClient.java:229)
at org.elasticsearch.client.RestHighLevelClient.internalPerformRequest(RestHighLevelClient.java:1762)
at org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1732)
at org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1694)
at org.elasticsearch.client.RestHighLevelClient.search(RestHighLevelClient.java:1090)
at org.dexter.lab.elasticUtils.ESUtils.getLastIndexedTimeStamp(ESUtils.java:44)
at org.dexter.lab.druidUtils.DruidDelayChecker.main(DruidDelayChecker.java:357)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
… 23 more

原因这是客户端（springboot配置）尝试在ssl握手的时候验证es发来的证书。

解决方法禁用掉ssl验证

添加依赖

<dependency>
    <groupId>io.github.hakky54</groupId>
    <artifactId>sslcontext-kickstart</artifactId>
    <version>7.1.0</version>
</dependency>

配置文件禁用掉ssl验证

 SSLFactory sslFactory = SSLFactory.builder()
                    .withUnsafeTrustMaterial()
                    .withUnsafeHostnameVerifier()
                    .build();

RestClientBuilder builder = RestClient.builder(new HttpHost("localhost", 9200, "https"));

final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
            credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("admin", "123456"));

 builder = builder.setHttpClientConfigCallback(httpClientBuilder -> httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider)
                    .setSSLContext(sslFactory.getSslContext())
                    .setSSLHostnameVerifier(sslFactory.getHostnameVerifier()));

 RestHighLevelClient restHighLevelClient = new RestHighLevelClient(builder);