Elasticsearch not connecting to geonetwork. Some kind of security problem

[smrgeoinfo]

Describe the bug
Build geonetwork from source. (separate issue... have to manually copy https://mvnrepository.com/artifact/org.geotools.jdbc/gt-jdbc-postgis)» 30.0 and
[https://mvnrepository.com/artifact/org.geotools/gt-gml-geometry-streaming) » 30.0 into my maven .m2 because maven couldn't access 0some kind of certificate problem.) Anyway got 4.4.3 snapshot build from a local fork for core-geonetwork sync'd with main.
Have installed and gotten Elastic Search 8.11.3 working with Kibana 8.11.3. had to generate and copy xpack.encryptedSavedObjects.encryptionKey, xpack.reporting.encryptionKey, and xpack.security.encryptionKey into kibana.yml, and set xpack.security.enabled: true and xpack.security.enrollment.enabled: true in ElasticSearch.yml. That seemed to get kibana workign with Elastic.
Copy geonetwork.war from target dir in core-geonetwork to tomcat9.0.85 webApps folder. In Chrome clear browsing history. start tomcat, after awhile its running. Stop tomcat, put in the elastic search user and password, change protocol to https (tried http first, didn't work).
in Geonetowrk, when I search or got to 'search page' get message "Query returned an error. Check the console for details."

run admin/status in geonetwork, says 'remote index OK'; 'Records in index/db = 6/23' That's odd, Kibana only see 6 records.

in the tomcat console I do see this

2024-02-11T20:04:48,818 DEBUG [org.springframework.web.servlet.mvc.method.annotation.RequestResponseBodyMethodProcessor] - Read "application/json;charset=UTF-8" to ["{"from":0,"size":30,"sort":["_score"],"query":{"function_score":{"boost":"5","functions":[{"filter": (truncated)..."]
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

and in the elastic console this:
[2024-02-11T13:20:03,562][WARN ][o.e.h.n.Netty4HttpServerTransport] [EMERALD] http client did not trust this server's certificate, closing connection Netty4HttpChannel{localAddress=/[0:0:0:0:0:0:0:1]:9200, remoteAddress=/[0:0:0:0:0:0:0:1]:61335}

To Reproduce
Steps to reproduce the behavior:

1. start elasticsearch, start kibana, start tomcat (tomcat loads geonetwork from webapps)
2. open https://localhost:9200 in browser, have to log in with ES username and passdword; get expected response from elastic search
3. open localhost:5601 in browser, get "regular kibana page, can look at indexes"
4. open localhost:8080/geonetwork, app opens with message "Query returned an error. Check the console for details."

What am I missing?

[fxprunayre]

Have installed and gotten Elastic Search 8.11.3

Elasticsearch 8 support is planned for next 4.4.3 release. See #7599
and https://docs.geonetwork-opensource.org/4.2/install-guide/installing-index/#elasticsearch-compatibility

[smrgeoinfo]

Thanks for the heads up, I was looking at https://docs.geonetwork-opensource.org/latest/install-guide/installing-index/ for 4.4.2 where it says
Elasticsearch compatibility
Elasticsearch Version Compatibility
Elasticsearch 7.15.x minimum
Elasticsearch 8.11.3 tested

and the instructions for installation start...
Download: Elasticsearch 8.x

I figured tested mean that it works....

[smrgeoinfo]

the pom.xml in core-geonetwork repo also has <es.version>8.11.3</es.version>

[smrgeoinfo]

OK, got something working, here's the workflow:

checkout 4.2.x core-geonetwork branch
in core-geonetwork:
es>mvn install -Pes-download
installs es 7.17.15
get kibana 7.17.15

update ES_JAVA_HOME to point to the one in core-geonetwork\es\elasticsearch-7.17.15\jdk
run elasticsearch to get user names, passwords, follow guide for es security setup: https://www.elastic.co/guide/en/elasticsearch/reference/7.17/security-minimal-setup.html
Got the es passwords, autogenerated

Set up Kibana login...
in kibana.yml

elasticsearch.username: "kibana_system"

then run this to create keystore

kibana.../bin> .\kibana-keystore create
kibana.../bin> .\kibana-keystore add elasticsearch.password

Side track: try
core-geonetwork>mvn clean install -DskipTests
from the 4.2.x branch. It fails:

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.8.1:compile (default-compile) on project
 gn-common: Compilation failure: Compilation failure:
[ERROR] /C:/Users/smrTu/OneDrive/Documents/GithubC/geonetwork/core-geonetwork/common/src/main/java/org/fao/geonet/utils/Xml.java:[65,22] package javax.xml.bind does not exist

try downloading https://github.com/geonetwork/core-geonetwork/archive/refs/tags/4.4.2.zip
unzip to a directory go to core-geonetwork there, run
core-geonetwork>mvn clean install -DskipTests
It fails similarly, but later in the build sequence at 'package com.amazonaws does not exist'

so... try checkout core-geonetwork/main
put the elasticsearch passwords (es.username, es.password, lines 1560-61) in core-geonetwork/pom.xml
core-geonetwork>mvn clean install -DskipTests
BUILD SUCCEEDS!!!
Copy geonetwork.war from core-geonetwork/web/target to tomcat9.0.85/webapps, restart tomcat, wait awhile, try localhost:8080/geonetwork, and things seem to be working. Says "Powered by GeoNetwork 4.4.3.SNAPSHOT" down in the lower left corner. Only 3 days of fooling around to get here!

[smrgeoinfo]

solved for now, close