In my application I am using the elasticsearch java RestHighLevelClient for SSL connection to connect with elasticsearch server. RestHighLevelClient is a singleton object in my application. I have SSL certificate which expire in every 7 days. After 7 days when certificate expired my application starts throwing below exception.
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
org.elasticsearch.client.RestClient.extractAndWrapCause(RestClient.java:876)
org.elasticsearch.client.RestClient.performRequest(RestClient.java:283)
org.elasticsearch.client.RestClient.performRequest(RestClient.java:270)
Now, I have to restart my application to pick up the latest certificates. After restart application starts working for next 7 days. However I got the latest certificates one day before the certificates expire, which means on 6th day I have new certificates available to reload.
Is there any way to reload these SSL certificate inside RestHighLevelClient object automatically in java application without restarting the server.
Below is the code I am using to create the RestHighLevelClient object. This is a singleton object for my application.
private RestHighLevelClient setupSSLEnabledRestHighLevelClient() throws Exception {
SSLContextBuilder sslBuilder = SSLContexts.custom().loadKeyMaterial(ResourceUtils.getFile(keyStorePath), keyStorePassword.toCharArray(), keyPassword.toCharArray()).loadTrustMaterial(ResourceUtils.getFile(trustStorePath), trustStorePassword.toCharArray());
final SSLContext sslContext = sslBuilder.build();
RestClientBuilder builder = RestClient.builder(new HttpHost(elasticSearchIp, elasticSearchPort, "HTTPS"))
.setHttpClientConfigCallback(new HttpClientConfigCallback() {
@Override
public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
return httpClientBuilder.setSSLContext(sslContext);
}
});
return new RestHighLevelClient(builder);
}
Thanks in Advance :)
