Replies: 1 comment 1 reply
-
|
I tried to modify the customizeHttpClient method under the SSLConfigurationCallback class I'm not sure if this is a bug or not |
Beta Was this translation helpful? Give feedback.
-
|
There is another config property index.search.elasticsearch.ssl.allow-self-signed-certificates that you need to set, see: https://docs.janusgraph.org/index-backend/elasticsearch/#rest-client-https-configuration . I guess you still have to download the self-signed certificate with the browser and add it to the java truststore to be specified in your configs. |
Beta Was this translation helpful? Give feedback.
-
I'm trying to configure JanusGraph 0.60 with Hbase and ElasticSearch6.8.17. ElasticSearch is configured with SSL and without signed certificate. My JanusGraph configuration includes:
storage.backend=hbase
storage.hostname="myHbase"
graph.graphname=statistics
storage.hbase.region-count=4
graph.timestamps=MILLI
graph.replace-instance-if-exists=true
index.search.hostname="ESIP"
index.search.port=9200
index.search.backend=elasticsearch
index.search.index-name=statistics
index.search.elasticsearch.ssl.enabled=true
index.search.elasticsearch.http.auth.type=Basic
index.search.elasticsearch.ssl.disable-hostname-verification=true
I can use curl -k and successfully communicate with ElasticSearch from my client machine. But when I use the configuration above, it does not appear to be disabling certificate verification and the error that I get is:
...
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
at java.base/sun.security.validator.Validator.validate(Validator.java:264)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:242)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:113)
at org.apache.http.ssl.SSLContextBuilder$TrustManagerDelegate.checkServerTrusted(SSLContextBuilder.java:413)
at java.base/sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1455)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:632)
... 19 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146)
at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:127)
at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
...
It does not appear to be disabling certificate validation...
Beta Was this translation helpful? Give feedback.
All reactions