
Disabling SSL verification for Elastic search Restclient not working in Java


In your example you only disabled the hostname verification. The server (Elasticsearch or something on top of Elasticsearch) is sending you the public key/certificate, and your RestClient tries to validate that during the SSL handshake. What you need to do is tell your RestClient that it is OK to receive a certificate from anyone, and that when it receives one it should not really validate it. So you need a custom trust manager which has the task of validating the certificate but actually doesn't validate at all. What you need is an UnsafeX509ExtendedTrustManager; see below for the code snippets and the usage with the RestClient:

Option 1

    import java.net.Socket;
    import java.security.cert.X509Certificate;
    import javax.net.ssl.SSLEngine;
    import javax.net.ssl.X509ExtendedTrustManager;

    // Trust manager whose check methods are all empty: every certificate chain is accepted.
    public final class UnsafeX509ExtendedTrustManager extends X509ExtendedTrustManager {

        private static final X509ExtendedTrustManager INSTANCE = new UnsafeX509ExtendedTrustManager();
        private static final X509Certificate[] EMPTY_CERTIFICATES = new X509Certificate[0];

        private UnsafeX509ExtendedTrustManager() {}

        public static X509ExtendedTrustManager getInstance() {
            return INSTANCE;
        }

        @Override
        public void checkClientTrusted(X509Certificate[] certificates, String authType) {
        }

        @Override
        public void checkClientTrusted(X509Certificate[] certificates, String authType, Socket socket) {
        }

        @Override
        public void checkClientTrusted(X509Certificate[] certificates, String authType, SSLEngine sslEngine) {
        }

        @Override
        public void checkServerTrusted(X509Certificate[] certificates, String authType) {
        }

        @Override
        public void checkServerTrusted(X509Certificate[] certificates, String authType, Socket socket) {
        }

        @Override
        public void checkServerTrusted(X509Certificate[] certificates, String authType, SSLEngine sslEngine) {
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return EMPTY_CERTIFICATES;
        }
    }

The above trust manager can be supplied to the RestHighLevelClient with the following snippet:

    // INSTANCE is private, so the trust manager is obtained through getInstance()
    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, new TrustManager[]{ UnsafeX509ExtendedTrustManager.getInstance() }, null);

    RestClientBuilder restClientBuilder = RestClient
            .builder(new HttpHost("localhost", 9200, "https"))
            .setHttpClientConfigCallback(httpClientBuilder ->
                    httpClientBuilder.setSSLContext(sslContext)
                                     // accepts any host name
                                     .setSSLHostnameVerifier((host, session) -> true));

By the way, I don't recommend that you or anyone else use UnsafeX509ExtendedTrustManager. It is unsafe and should not be used at all in production.

Option 2

If you don't want to add the custom code to your code base and only want to easily disable the SSL verification, you might want to give the following snippet a try. It is a library to easily generate the SSLContext or other SSL materials, and it has the option to disable the SSL verification.

    <dependency>
        <groupId>io.github.hakky54</groupId>
        <artifactId>sslcontext-kickstart</artifactId>
        <version>6.7.0</version>
    </dependency>

Usage

    SSLFactory sslFactory = SSLFactory.builder()
            .withUnsafeTrustMaterial()
            .withHostnameVerifier((host, session) -> true)
            .build();

    RestClientBuilder restClientBuilder = RestClient
            .builder(new HttpHost("localhost", 9200, "https"))
            .setHttpClientConfigCallback(httpClientBuilder ->
                    httpClientBuilder.setSSLContext(sslFactory.getSslContext())
                                     .setSSLHostnameVerifier(sslFactory.getHostnameVerifier()));


Hi, there is a much easier way to do this, with less code.

Hope this helps; I had the same problem and this is how I resolved it.

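    import javax.net.ssl.SSLContext;
    import org.apache.http.HttpHost;
    import org.apache.http.client.config.RequestConfig;
    import org.apache.http.conn.ssl.NoopHostnameVerifier;
    import org.apache.http.impl.nio.client.HttpAsyncClientBuilder;
    import org.apache.http.ssl.SSLContextBuilder;
    import org.apache.http.ssl.SSLContexts;
    import org.elasticsearch.client.RestClient;
    import org.elasticsearch.client.RestClientBuilder;
    import org.elasticsearch.client.RestClientBuilder.HttpClientConfigCallback;
    import org.elasticsearch.client.RestHighLevelClient;
    import org.springframework.context.annotation.Bean;

    @Bean
    public RestHighLevelClient createSimpleElasticClient() throws Exception {
        try {
            // Trust strategy that returns true for every chain: no certificate is validated
            SSLContextBuilder sslBuilder = SSLContexts.custom()
                    .loadTrustMaterial(null, (x509Certificates, s) -> true);
            final SSLContext sslContext = sslBuilder.build();

            // hostNameOrLoadbalancerURL is a field of the enclosing class (not shown)
            RestHighLevelClient client = new RestHighLevelClient(RestClient
                    .builder(new HttpHost(hostNameOrLoadbalancerURL, 443, "https")) // port number is given as 443 since it's the https scheme
                    .setHttpClientConfigCallback(new HttpClientConfigCallback() {
                        @Override
                        public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
                            return httpClientBuilder
                                    .setSSLContext(sslContext)
                                    // host name checking is switched off as well
                                    .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE);
                        }
                    })
                    .setRequestConfigCallback(new RestClientBuilder.RequestConfigCallback() {
                        @Override
                        public RequestConfig.Builder customizeRequestConfig(
                                RequestConfig.Builder requestConfigBuilder) {
                            return requestConfigBuilder.setConnectTimeout(5000)
                                    .setSocketTimeout(120000);
                        }
                    }));
            System.out.println("elasticsearch client created");
            return client;
        } catch (Exception e) {
            System.out.println(e);
            // keep the original exception as the cause
            throw new Exception("Could not create an elasticsearch client!!", e);
        }
    }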
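
For contrast with the trust-everything snippets in the answers above, here is an added example (not from either answer, nor from the Elasticsearch or sslcontext-kickstart projects) that keeps certificate validation on and trusts only the cluster's own CA. The class name, method names and the CA file passed in are assumptions; the file is expected to be the PEM CA certificate that signed the Elasticsearch node certificate.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.HttpHost;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestClientBuilder;

// Hypothetical helper: the names here are illustrative, not part of any library.
public final class CaTrustingRestClient {

    // Builds an SSLContext that trusts only the CA certificate(s) found in the PEM file.
    static SSLContext sslContextTrusting(Path caPem) throws Exception {
        Collection<? extends Certificate> cas;
        try (InputStream in = Files.newInputStream(caPem)) {
            // Reads every certificate in the file, so a bundle (root + intermediate) works too
            cas = CertificateFactory.getInstance("X.509").generateCertificates(in);
        }
        if (cas.isEmpty()) {
            throw new IllegalArgumentException("No certificates found in " + caPem);
        }
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // empty in-memory store, nothing from the JDK's cacerts
        int i = 0;
        for (Certificate ca : cas) {
            trustStore.setCertificateEntry("es-ca-" + i++, ca);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    static RestClientBuilder builder(String host, int port, Path caPem) throws Exception {
        SSLContext ctx = sslContextTrusting(caPem);
        // No setSSLHostnameVerifier call: the default verifier keeps checking the host name
        return RestClient.builder(new HttpHost(host, port, "https"))
                .setHttpClientConfigCallback(b -> b.setSSLContext(ctx));
    }
}
```

With this context the handshake fails unless the server chain leads to the supplied CA and the certificate's subject alternative names cover the host being connected to, which is the behaviour the unsafe variants switch off.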