lmenezes / cerebro

MIT License

How to use the pkcs12 certificate two-way authentication #588

Open TwilightPureDrm opened 8 months ago

TwilightPureDrm commented 8 months ago

conf:

play.ws.ssl {
  trustManager = {
    stores = [
      { type = "PEM", path = "/opt/cerebro-0.9.2/conf/CloudSearchService.cer" },
      { type = "PEM", path = "/opt/cerebro-0.9.2/conf/certificate.cer" }
    ]
  }
  keyManager = {
    stores = [
      { type = "pkcs12", path = "/opt/cerebro-0.9.2/conf/keystore.p12", password="xxxxx" }
    ]
  }
}

The HTTPS two-way authentication function is enabled in the Elasticsearch cluster. Therefore, the client certificate is configured in KeyManager. However, an error is reported when the Elasticsearch cluster is connected. It seems that Cerebro does not carry the certificate to connect to the Elasticsearch cluster.

cerebro error info: play.api.UnexpectedException: Unexpected exception[ConnectException: Received fatal alert: bad_certificate]

Elasticsearch error info:

[2023-12-21T21:36:07,354][ERROR][c.h.d.s.i.s.SSLNetty4HttpServerTransport] [es-client-192.168.170.179] Empty server certificate chain
[2023-12-21T21:36:07,354][ERROR][c.h.d.s.i.s.SSLNetty4HttpServerTransport] [es-client-192.168.170.179] SSL Problem Empty server certificate chain
javax.net.ssl.SSLHandshakeException: Empty server certificate chain
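
One check that applies to the keyManager store configured above, as an added example that is not part of the original issue or of Cerebro: a JSSE client can only present a client certificate from a keystore entry that holds a private key together with its certificate chain, so this lists what the PKCS12 file actually contains and prints each issuer for comparison with the CAs the cluster trusts. The class name and the `KEYSTORE_PASS` environment variable are assumptions; running it as a single source file needs JDK 11 or later.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added diagnostic, not Cerebro code. Class name and KEYSTORE_PASS are assumptions.
// Usage: KEYSTORE_PASS=... java CheckClientKeystore.java /opt/cerebro-0.9.2/conf/keystore.p12
public class CheckClientKeystore {

    // Counts the entries a JSSE key manager could present as a client certificate.
    static int usableKeyEntries(KeyStore ks) throws Exception {
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                // Certificate-only entries are trust anchors; they cannot authenticate the client.
                System.out.println(alias + ": certificate only, no private key");
                continue;
            }
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null || chain.length == 0) {
                System.out.println(alias + ": private key without a certificate chain");
                continue;
            }
            usable++;
            for (Certificate c : chain) {
                X509Certificate x = (X509Certificate) c;
                String state = "valid";
                try { x.checkValidity(); } catch (Exception e) { state = "NOT valid now (" + e.getMessage() + ")"; }
                System.out.println(alias + ": subject=" + x.getSubjectX500Principal()
                        + " issuer=" + x.getIssuerX500Principal() + " " + state);
            }
        }
        return usable;
    }

    public static void main(String[] args) throws Exception {
        String pass = System.getenv("KEYSTORE_PASS"); // kept off the command line and out of shell history
        if (args.length != 1 || pass == null) {
            System.err.println("usage: KEYSTORE_PASS=<password> java CheckClientKeystore.java <keystore.p12>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass.toCharArray());
        }
        int usable = usableKeyEntries(ks);
        System.out.println(usable + " usable client key entr" + (usable == 1 ? "y" : "ies"));
        System.exit(usable > 0 ? 0 : 1);
    }
}
```

An exit status of 1 means the file holds no entry that could be sent as a client certificate.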

GYFgaoyuefei commented 8 months ago

OK, I have received it.