Java TransportClient insert using the demo certs from the docker images?

#1

Hi, I have java code to do a bulk insert into ES using the TransportClient. When security is disabled this works fine. But I need to demo with the security enabled so I’m trying to use the demo certificates that come with the docker images - but no matter what I do I keep getting this error (& I spent a lot of time at it):

javax.net.ssl.SSLException: SSLEngine closed already
** at io.netty.handler.ssl.SslHandler.wrap(…)(Unknown Source) ~[netty-handler-4.1.33.Final.jar!/:4.1.33.Final]**
Caused by: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors

Has anyone else encountered this issue?

(2) I actually only need the security on kibana, put you cant turn it off on the java transport client without also turning it off on kibana too…

The settings I’m passing to the Transport client are:
Settings tcSettings = Settings.builder()
.put(“cluster.name”, this.clusterName)
.put(“opendistro_security.ssl.transport.truststore_filepath”, Paths.get("/truststore.jks"))
.put(“opendistro_security.ssl.transport.keystore_filepath”,Paths.get("/kirk-keystore.jks"))
.put(“opendistro_security.ssl.transport.keystore_alias”,“kirk”)
.put(“opendistro_security.ssl.transport.enforce_hostname_verification”, false)
.put(“opendistro_security.ssl.transport.enabled”, true)
.build();

I have also got the same result when I try the RestHighLevelClient

#3

Answering my own question - I got the RestHighLevelClient working in the end with security enabled.