PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilder...

Elasticsearch 8.4.3

Fixing the [PKIX path building failed, unable to find valid certification path to requested target] error when spring-boot-starter-data-elasticsearch connects to Elasticsearch over HTTPS

Project Maven dependencies
<dependencies>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter</artifactId>
		</dependency>

		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>

		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-data-elasticsearch</artifactId>
		</dependency>

		<dependency>
			<groupId>co.elastic.clients</groupId>
			<artifactId>elasticsearch-java</artifactId>
			<version>8.4.3</version>
		</dependency>

		<dependency>
			<groupId>com.fasterxml.jackson.core</groupId>
			<artifactId>jackson-databind</artifactId>
			<version>2.13.4</version>
		</dependency>

<!--		<dependency>-->
<!--			<groupId>jakarta.json</groupId>-->
<!--			<artifactId>jakarta.json-api</artifactId>-->
<!--			<version>2.0.1</version>-->
<!--		</dependency>-->

		<dependency>
			<groupId>org.projectlombok</groupId>
			<artifactId>lombok</artifactId>
		</dependency>

		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-test</artifactId>
			<scope>test</scope>
		</dependency>
	</dependencies>

Elasticsearch certs directory

Find the JDK home path used by the current project

Go to the lib/security directory under the JDK home path, then import the certificate
cd /Users/yanghaoyuan/Library/Java/JavaVirtualMachines/corretto-18.0.2/Contents/Home/lib/security

keytool -import -alias cacerts -keystore cacerts -file /Users/yanghaoyuan/Desktop/elasticsearch-8.4.3/config/certs/http_ca.crt
yanghaoyuan@MAGIT02238 security % keytool -import -alias cacerts -keystore cacerts -file /Users/yanghaoyuan/Desktop/elasticsearch-8.4.3/config/certs/http_ca.crt
所有者: CN=Elasticsearch security auto-configuration HTTP CA
发布者: CN=Elasticsearch security auto-configuration HTTP CA
序列号: 94b866feae9ca4e530a4908be65e61c876832ebf
生效时间: Tue Oct 18 08:43:20 CST 2022, 失效时间: Fri Oct 17 08:43:20 CST 2025
证书指纹:
	 SHA1: AE:6C:27:36:0F:95:3D:86:56:90:20:36:3A:54:03:F2:83:6F:46:6F
	 SHA256: C9:F8:82:4D:9D:B9:17:70:E3:4B:03:AF:B1:6D:6D:0C:CF:A9:46:0E:2E:54:98:7E:0B:FB:AA:BF:B5:32:B2:AE
签名算法名称: SHA256withRSA
主体公共密钥算法: 4096 位 RSA 密钥
版本: 3

扩展: 

#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 38 D9 54 2B 6A 94 85 A4   7A 7A E0 E7 A5 62 CE 89  8.T+j...zz...b..
0010: 1A EA A6 30                                        ...0
]
]

#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen: no limit
]

#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 38 D9 54 2B 6A 94 85 A4   7A 7A E0 E7 A5 62 CE 89  8.T+j...zz...b..
0010: 1A EA A6 30                                        ...0
]
]

是否信任此证书? []:  是 
证书已添加到密钥库中

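HTTPS connection configuration for Elasticsearch 8.4.3

There are two ways:

First way

Configure the ES credentials and connection address in application.yml; the spring-boot-starter-data-elasticsearch dependency jar reads the configuration and automatically initializes the RestHighLevelClient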

spring:
 elasticsearch:
   rest:
     uris: https://localhost:9200
     read-timeout: 10s
     username: "elastic"
     password: "BGF+ExXQJ7W4vOd+*a*d"

Second way:

Write a configuration class as follows

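import org.elasticsearch.client.RestHighLevelClient;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.elasticsearch.client.ClientConfiguration;
import org.springframework.data.elasticsearch.client.RestClients;
import org.springframework.data.elasticsearch.config.AbstractElasticsearchConfiguration;
import org.springframework.data.elasticsearch.repository.config.EnableReactiveElasticsearchRepositories;

@Configuration
@EnableReactiveElasticsearchRepositories(basePackages = "com.im.elasticsearch.repository")
public class Config extends AbstractElasticsearchConfiguration {

    @Value("${elasticsearch.url}")
    public String elasticsearchUrl;

    @Bean
    @Override
    public RestHighLevelClient elasticsearchClient() {

        final ClientConfiguration configuration = ClientConfiguration.builder()
                // connectedTo expects host:port (for example localhost:9200), not a full URL
                .connectedTo(elasticsearchUrl)
                .usingSsl()
                .withBasicAuth("elastic", "BGF+ExXQJ7W4vOd+*a*d")
                .build();
        return RestClients.create(configuration).rest();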

//        final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
//        credentialsProvider.setCredentials(AuthScope.ANY,
//                new UsernamePasswordCredentials("elastic", "BGF+ExXQJ7W4vOd+*a*d"));
//
//        RestClientBuilder restClientBuilder = RestClient.builder(
//                new HttpHost("localhost", 9200, "https")
//        );
//        RestClient restClient = restClientBuilder.setHttpClientConfigCallback(
//                new RestClientBuilder.HttpClientConfigCallback() {
//                    @Override
//                    public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpAsyncClientBuilder) {
//                        return httpAsyncClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
//                    }
//                }
//        ).build();
//
//        return new RestHighLevelClientBuilder(restClient)
//                .setApiCompatibilityMode(true)
//                .build();

    }
}

OK

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException is an error in Java indicating that building the PKIX path failed and no valid certification path could be found. It usually occurs when using an SSL connection, because Java does not trust the SSL certificate.

There are several ways to solve this problem. One is to manually import the certificate into the local trust store. This method is more involved and requires following a set of steps. Another is to trust the SSL certificate, which can be done with the following steps:

1. Create a TrustManager that trusts all SSL certificates. You can use an implementation of the X509TrustManager interface, as shown below:

```java
import javax.net.ssl.X509TrustManager;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

public class TrustAllManager implements X509TrustManager {
    @Override
    public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
    }

    @Override
    public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
```

2. Before using the SSL connection, set the TrustManager to trust all SSL certificates. This can be done with the following code snippet:

```java
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;

// Create the SSL context
SSLContext sslContext = SSLContext.getInstance("TLS");

// Create the TrustManager array, containing only a TrustAllManager
TrustManager[] trustManagers = {new TrustAllManager()};

// Initialize the SSL context
sslContext.init(null, trustManagers, null);

// Set the default SSLSocketFactory and HostnameVerifier
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> true);
```

With the steps above, you can resolve the PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException error.
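A narrower alternative to both approaches above (importing into the JDK-wide cacerts, or trusting every certificate), added here as an example and not part of the original post: build an SSLContext that trusts only the Elasticsearch HTTP CA, after checking its SHA-256 fingerprint, so certificate and hostname validation stay on. The class name `PinnedCaSslContext` and the alias `elasticsearch-http-ca` are illustrative, and `HexFormat` assumes Java 17 or later.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.HexFormat;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class (name chosen for this example).
public final class PinnedCaSslContext {
    // Returns an SSLContext trusting only the CA in caPem; expectedSha256 is the
    // colon-separated SHA256 fingerprint that keytool prints for that file.
    public static SSLContext fromCa(Path caPem, String expectedSha256) throws Exception {
        X509Certificate ca;
        try (InputStream in = Files.newInputStream(caPem)) {
            ca = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // Refuse a CA file that is not the one that was inspected.
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(ca.getEncoded());
        String actual = HexFormat.ofDelimiter(":").withUpperCase().formatHex(digest);
        if (!actual.equalsIgnoreCase(expectedSha256.trim())) {
            throw new SecurityException("CA fingerprint mismatch: " + actual);
        }
        // getBasicConstraints() is -1 unless the certificate is marked CA:true.
        if (ca.getBasicConstraints() < 0) {
            throw new SecurityException("certificate is not a CA");
        }
        ca.checkValidity(); // throws if expired or not yet valid

        // In-memory truststore holding just this CA; the JDK's cacerts is untouched.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("elasticsearch-http-ca", ca);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Usage: java PinnedCaSslContext.java <path to http_ca.crt> <SHA256 fingerprint>
    public static void main(String[] args) throws Exception {
        SSLContext ctx = fromCa(Path.of(args[0]), args[1]);
        System.out.println("SSLContext ready: " + ctx.getProtocol());
    }
}
```

In the configuration class, the returned context can be passed to Spring Data Elasticsearch's `usingSsl(sslContext)` in place of the no-argument `usingSsl()`.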
Author: yanghaoyuan.sh
