Maven https repository with self-signed ssl certificate


For a private project I am trying to use Nexus behind Apache with SSL, using a self-signed certificate.

But each nexus repository request ends with a security exception:

[WARNING] repository metadata for: 'artifact org.apache.maven.plugins:maven-enforcer-plugin' could not be retrieved from repository: nexus-plugin-releases due to an error: Error transferring file: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I found many sites about this problem, and they always describe the same solution:

Import the self-signed cert into your local truststore!

… here are the steps:

  1. download the certificate
  2. create a local truststore and import the certificate
  3. call maven with the correct security properties

The import is simple (Java keytool):

keytool.exe -importcert -alias nexus-xxx -keystore xxx.jks -storepass secret -file xxx.crt
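
Importing a certificate makes it a trust anchor, so the file from step 1 should be compared with a fingerprint obtained from the server's administrator over a separate channel before it is imported. The following Python code is an added example, not part of the original post; the function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# One PEM certificate block, as saved by a browser export or `openssl s_client`.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.*?)\s+-----END CERTIFICATE-----", re.S)

def sha256_fingerprint(pem_text):
    """SHA-256 over the DER bytes of the single certificate in pem_text,
    as colon-separated upper-case hex (the form keytool -printcert shows)."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        # Zero or several certificates is not what step 1 should have produced.
        raise ValueError("expected exactly one certificate, found %d" % len(blocks))
    der = base64.b64decode("".join(blocks[0].split()), validate=True)
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalize(fp):
    """Drop separators and case so a pasted fingerprint compares equal."""
    return re.sub(r"[^0-9A-Fa-f]", "", fp).upper()

def matches_pin(pem_text, expected_fp):
    """True only if the certificate hashes to the out-of-band fingerprint."""
    expected = normalize(expected_fp)
    if len(expected) != 64:
        raise ValueError("expected fingerprint must be SHA-256 (64 hex digits)")
    actual = normalize(sha256_fingerprint(pem_text))
    return hmac.compare_digest(actual, expected)

def to_pem(der):
    """Helper for the constructed sample: wrap raw bytes in PEM armor."""
    body = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

# Constructed bytes standing in for xxx.crt. They are not a parseable
# certificate; the fingerprint is a hash over the raw bytes, so they suffice.
SAMPLE_DER = bytes(range(256)) * 3
SAMPLE_PEM = to_pem(SAMPLE_DER)
TAMPERED_PEM = to_pem(SAMPLE_DER[:-1] + b"\x00")

if __name__ == "__main__":
    pin = sha256_fingerprint(SAMPLE_PEM)  # in practice: supplied by the admin
    print("sample matches pin  :", matches_pin(SAMPLE_PEM, pin))
    print("tampered matches pin:", matches_pin(TAMPERED_PEM, pin))
```

Run the keytool import only when the check returns True for the downloaded file.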

For Maven I’m using a cygwin bash alias (a single line):

alias mvn_xxx='/cygdrive/d/maven-2.2.1/bin/mvn -gs "d:/maven-2.2.1/conf/settings-xxx.xml" -s "d:/maven-2.2.1/conf/settings-xxx.xml" -Djavax.net.ssl.trustStore=d:/maven-2.2.1/conf/xxx.jks -Djavax.net.ssl.trustStorePassword=secret'

I point the global config (-gs) and the personal config (-s) to the same file so that other configuration from my default Maven config file (i.e. common mirror settings, repositories etc.) is ignored.

And last but not least, here is my complete Maven settings file for Nexus:

<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">

  <localRepository>D:\maven-repository-xxx</localRepository>

  <mirrors>
    <mirror>
      <id>xxx-nexus-snapshots</id>
      <mirrorOf>nexus-snapshots</mirrorOf>
      <url>https://nexus.xxx.com/content/groups/public-snapshots/</url>
    </mirror>
    <mirror>
      <id>xxx-nexus-snapshots</id>
      <mirrorOf>nexus-plugin-snapshots</mirrorOf>
      <url>https://nexus.xxx.com/content/groups/public-snapshots/</url>
    </mirror>
    <mirror>
      <id>xxx-nexus-releases</id>
      <mirrorOf>nexus-releases</mirrorOf>
      <url>https://nexus.xxx.com/content/groups/public/</url>
    </mirror>
    <mirror>
      <id>xxx-nexus-releases</id>
      <mirrorOf>nexus-plugin-releases</mirrorOf>
      <url>https://nexus.xxx.com/content/groups/public/</url>
    </mirror>
    <mirror>
      <id>xxx-nexus-releases</id>
      <mirrorOf>*</mirrorOf>
      <url>https://nexus.xxx.com/content/groups/public/</url>
    </mirror>
  </mirrors>

  <profiles>
    <profile>
      <id>xxx-nexus-mirror</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <repositories>
        <repository>
          <id>nexus-releases</id>
          <url>http://foobar</url>
          <releases>
            <enabled>true</enabled>
          </releases>
          <snapshots>
            <enabled>false</enabled>
          </snapshots>
        </repository>
        <repository>
          <id>nexus-snapshots</id>
          <url>http://foobar</url>
          <releases>
            <enabled>false</enabled>
          </releases>
          <snapshots>
            <enabled>true</enabled>
          </snapshots>
        </repository>
      </repositories>
      <pluginRepositories>
        <pluginRepository>
          <id>nexus-plugin-releases</id>
          <url>http://foobar</url>
          <releases>
            <enabled>true</enabled>
          </releases>
          <snapshots>
            <enabled>false</enabled>
          </snapshots>
        </pluginRepository>
        <pluginRepository>
          <id>nexus-plugin-snapshots</id>
          <url>http://foobar</url>
          <releases>
            <enabled>false</enabled>
          </releases>
          <snapshots>
            <enabled>true</enabled>
          </snapshots>
        </pluginRepository>
      </pluginRepositories>
    </profile>
  </profiles>

  <servers>
    <server>
      <id>xxx-nexus-releases</id>
      <username>foo</username>
      <password>bar</password>
    </server>
    <server>
      <id>xxx-nexus-snapshots</id>
      <username>foo</username>
      <password>bar</password>
    </server>
  </servers>

</settings>

You can replace xxx with your personal domain-alias.