SSL Certificate APIedit

Get Certificates Requestedit

The X.509 Certificates that are used to encrypt communications in an Elasticsearch cluster using the security().getSslCertificates() method:

GetSslCertificatesResponse response =;

Get Certificates Responseedit

The returned GetSslCertificatesResponse contains a single field, certificates. This field, accessed with getCertificates returns a List of CertificateInfo objects containing the information for all the certificates used.

List<CertificateInfo> certificates = response.getCertificates(); 

certificates is a List of CertificateInfo

Synchronous executionedit

When executing a GetUserPrivilegesRequest in the following manner, the client waits for the GetSslCertificatesResponse to be returned before continuing with code execution:

GetSslCertificatesResponse response =;

Synchronous calls may throw an IOException in case of either failing to parse the REST response in the high-level REST client, the request times out or similar cases where there is no response coming back from the server.

In cases where the server returns a 4xx or 5xx error code, the high-level client tries to parse the response body error details instead and then throws a generic ElasticsearchException and adds the original ResponseException as a suppressed exception to it.

Asynchronous executionedit

Executing a GetUserPrivilegesRequest can also be done in an asynchronous fashion so that the client can return directly. Users need to specify how the response or potential failures will be handled by passing the request and a listener to the asynchronous get-certificates method:, listener); 

The GetUserPrivilegesRequest to execute and the ActionListener to use when the execution completes

The asynchronous method does not block and returns immediately. Once it is completed the ActionListener is called back using the onResponse method if the execution successfully completed or using the onFailure method if it failed. Failure scenarios and expected exceptions are the same as in the synchronous execution case.

A typical listener for get-certificates looks like:

ActionListener<GetSslCertificatesResponse> listener = new ActionListener<GetSslCertificatesResponse>() {
    public void onResponse(GetSslCertificatesResponse getSslCertificatesResponse) {

    public void onFailure(Exception e) {

Called when the execution is successfully completed.

Called when the whole GetUserPrivilegesRequest fails.