Sahil :
I'm trying to connect to an elasticsearch instance which is behind a ssh tunnel. Domain of the elasticsearch instance is *.ap-south-1.es.amazonaws.com while locally on the tunnel, I connect via localhost:9201.
Here is the code I'm using to connect to elasticsearch
RestHighLevelClient(RestClient.builder(HttpHost("localhost", 9201, "https")))
I'm getting the following error
javax.net.ssl.SSLPeerUnverifiedException: Host name 'localhost' does not match the certificate subject provided by the peer (CN=*.ap-south-1.es.amazonaws.com)
I got this error when I was working with PHP-Elasticsearch and I fixed it using
$esClient->setSSLVerification(false);
I was hoping to find a similar method for Java RestClient.
Hrithik Manchanda :
For this you have to disable a setting which verifies the hostname with the name you provided. This is an error of HTTPClient in apache and you have to virtualize the hostname as verified in setSSLHostnameVerifier method like this
val builder = RestClient.builder(host).setHttpClientConfigCallback { httpAsyncClientBuilder ->
httpAsyncClientBuilder.setSSLHostnameVerifier { _, _ -> true }
}
This will always override your setting for verifying hostname as true