Home > Maven > Maven https repository with self-signed ssl certificate

Maven https repository with self-signed ssl certificate

Tuesday, 17. November 2009 Leave a comment Go to comments

For a private project I try to use nexus behind apache and ssl. I used a self-signed certificate.

But each nexus repository request ends with a security exception:

[WARNING] repository metadata for: 'artifact org.apache.maven.plugins:maven-enforcer-plugin' could not be retrieved from repository: nexus-plugin-releases due to an error: Error transferring file: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I found many site for that problem and they describe always the same solution

import the self signed cert in your local truststore!

… here are the steps:

  1. download the certificate
  2. create a local truststore and import the certificat
  3. call maven with the correct security properties

The import is simple  (java keytool):

keytool.exe -importcert
            -alias nexus-xxx
            -keystore xxx.jks
            -storepass secret
            -file xxx.crt

For maven I’m using a cygwin bash alias:

alias mvn_xxx='/cygdrive/d/maven-2.2.1/bin/mvn
-gs "d:/maven-2.2.1/conf/settings-xxx.xml"
-s "d:/maven-2.2.1/conf/settings-xxx.xml"
-Djavax.net.ssl.trustStore=d:/maven-2.2.1/conf/xxx.jks
-Djavax.net.ssl.trustStorePassword=secret'

I point the global config  (-gs) and the personal config (-s) to the same file to ignore other configuration from my default maven config file (i.e. common mirros settings / repositories etc.).

And at least here is my complete maven setting-nexus settings:

<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/settings/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">

  <localRepository>D:\maven-repository-xxx</localRepository>

  <mirrors>
    <mirror>
      <id>xxx-nexus-snapshots</id>
      <mirrorOf>nexus-snapshots</mirrorOf>
      <url>https://nexus.xxx.com/content/groups/public-snapshots/</url>
    </mirror>
    <mirror>
      <id>xxx-nexus-snapshots</id>
      <mirrorOf>nexus-plugin-snapshots</mirrorOf>
      <url>https://nexus.xxx.com/content/groups/public-snapshots/</url>
    </mirror>
    <mirror>
      <id>xxx-nexus-releases</id>
      <mirrorOf>nexus-releases</mirrorOf>
      <url>https://nexus.xxx.com/content/groups/public/</url>
    </mirror>
    <mirror>
      <id>xxx-nexus-releases</id>
      <mirrorOf>nexus-plugin-releases</mirrorOf>
      <url>https://nexus.xxx.com/content/groups/public/</url>
    </mirror>
    <mirror>
      <id>xxx-nexus-releases</id>
      <mirrorOf>*</mirrorOf>
      <url>https://nexus.xxx.com/content/groups/public/</url>
    </mirror>
  </mirrors>

  <profiles>
    <profile>
      <id>xxx-nexus-mirror</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <repositories>
        <repository>
          <id>nexus-releases</id>
          <url>http://foobar</url>
          <releases>
            <enabled>true</enabled>
          </releases>
          <snapshots>
            <enabled>false</enabled>
          </snapshots>
        </repository>
        <repository>
          <id>nexus-snapshots</id>
          <url>http://foobar</url>
          <releases>
            <enabled>false</enabled>
          </releases>
          <snapshots>
            <enabled>true</enabled>
          </snapshots>
        </repository>
      </repositories>
      <pluginRepositories>
        <pluginRepository>
          <id>nexus-plugin-releases</id>
          <url>http://foobar</url>
          <releases>
            <enabled>true</enabled>
          </releases>
          <snapshots>
            <enabled>false</enabled>
          </snapshots>
        </pluginRepository>
        <pluginRepository>
          <id>nexus-plugin-snapshots</id>
          <url>http://foobar</url>
          <releases>
            <enabled>false</enabled>
          </releases>
          <snapshots>
            <enabled>true</enabled>
          </snapshots>
        </pluginRepository>
      </pluginRepositories>
    </profile>
  </profiles>

  <servers>
    <server>
      <id>xxx-nexus-releases</id>
      <username>foo</username>
      <password>bar</password>
    </server>
    <server>
      <id>xxx-nexus-snapshots</id>
      <username>foo</username>
      <password>bar</password>
    </server>
  </servers>

</settings>

You can replace xxx with your personal domain-alias.

Categories: Maven Tags: , , , , , , ,
  1. rherrick
    Tuesday, 31. August 2010 at 21:00

    Very helpful post, thanks for taking the time to document this!

    I streamlined the command a little bit by setting MAVEN_OPTS to hold the -Dxxx options. So you would then have:

    MAVEN_OPTS=-Djavax.net.ssl.trustStore=d:/maven-2.2.1/conf/xxx.jks -Djavax.net.ssl.trustStorePassword=secret

    And you could run the command like this:

    mvn -gs xxx -s xxx clean install

  2. joltcan
    Sunday, 10. February 2013 at 21:02

    Thank you so much, the keystore tip saved my dat!

  1. Tuesday, 17. November 2009 at 18:30

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: