lmenezes / cerebro

MIT License
5.55k stars 716 forks

How to use the pkcs12 certificate two-way authentication #588

Open TwilightPureDrm opened 11 months ago

TwilightPureDrm commented 11 months ago

conf:

play.ws.ssl {
  trustManager = {
    stores = [
      { type = "PEM", path = "/opt/cerebro-0.9.2/conf/CloudSearchService.cer" },
      { type = "PEM", path = "/opt/cerebro-0.9.2/conf/certificate.cer" }
    ]
  }
  keyManager = {
    stores = [
      { type = "pkcs12", path = "/opt/cerebro-0.9.2/conf/keystore.p12", password="xxxxx" }
    ]
  }
}

The HTTPS two-way authentication function is enabled in the Elasticsearch cluster. Therefore, the client certificate is configured in KeyManager. However, an error is reported when the Elasticsearch cluster is connected. It seems that Cerebro does not carry the certificate to connect to the Elasticsearch cluster.

cerebro error info: play.api.UnexpectedException: Unexpected exception[ConnectException: Received fatal alert: bad_certificate]

Elasticsearch error info:

[2023-12-21T21:36:07,354][ERROR][c.h.d.s.i.s.SSLNetty4HttpServerTransport] [es-client-192.168.170.179] Empty server certificate chain
[2023-12-21T21:36:07,354][ERROR][c.h.d.s.i.s.SSLNetty4HttpServerTransport] [es-client-192.168.170.179] SSL Problem Empty server certificate chain
javax.net.ssl.SSLHandshakeException: Empty server certificate chain
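
One way to check whether a PKCS12 file like the `keystore.p12` in the configuration above holds a private key together with its certificate, since a TLS client with no usable key entry sends an empty certificate list. This is an added example, not part of the original issue or of Cerebro; the function names, the script name and the `P12_PASS` environment variable are assumptions, and it needs the `openssl` CLI.

```shell
#!/bin/sh
# Added diagnostic (not from the issue). The keystore password is read from
# the P12_PASS environment variable (assumed name) to keep it out of argv.

# Number of private keys stored in the PKCS12 file $1.
p12_key_count() {
  openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes 2>/dev/null \
    | grep -c -- '-----BEGIN .*PRIVATE KEY-----' || true
}

# Number of certificates stored in the PKCS12 file $1.
p12_cert_count() {
  openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys 2>/dev/null \
    | grep -c -- '-----BEGIN CERTIFICATE-----' || true
}

# One-word verdict on whether $1 can back TLS client authentication.
p12_client_auth_status() {
  p12_keys=$(p12_key_count "$1")
  p12_certs=$(p12_cert_count "$1")
  if [ "$p12_keys" -eq 0 ] && [ "$p12_certs" -eq 0 ]; then
    echo "unreadable-or-empty"   # wrong password, wrong format, or no entries
  elif [ "$p12_keys" -eq 0 ]; then
    echo "no-private-key"        # certificate-only store, nothing to sign with
  elif [ "$p12_certs" -eq 0 ]; then
    echo "no-certificate"        # key without the certificate to present
  else
    echo "usable"
  fi
}

# Subject, issuer and expiry of the certificate paired with the private key.
p12_leaf_identity() {
  openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null \
    | openssl x509 -noout -subject -issuer -enddate
}

# Usage: export P12_PASS, then: sh check_p12.sh /opt/cerebro-0.9.2/conf/keystore.p12
if [ "$#" -gt 0 ]; then
  echo "status: $(p12_client_auth_status "$1")"
  p12_leaf_identity "$1"
fi
```

Compare the printed issuer with the CAs the Elasticsearch node trusts for client certificates; a client also sends no certificate when none of its key entries chains to an issuer the server asks for.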

GYFgaoyuefei commented 11 months ago

OK, I have received it.