Maven+Nexus+Jenkins SSL certificate error - maven

I have installed certificate to nexus. When i start jenkins builder im getting an error:
[ERROR] Failed to execute goal on project wf-base: Could not resolve dependencies for project 1.0.0o-SNAPSHOT: Failed to collect dependencies at 1.0.0o-SNAPSHOT:
Failed to read artifact descriptor for 1.0.0o-SNAPSHOT: Could not transfer artifact 1.0.0o-SNAPSHOT from/to Nexus (https://nexus.repository.link):
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> [Help 1]

Looks like you're missing a certificate in the chain so your certificate isn't trusted,if it's a self signed certificate you'll need to add it as a root certificate. If the certificate was issued by a CA you'll need to download the missing certificate(s) in the chain and install them.

Here are some options for those of you (like me) who stumbled on this issue.
1. Import CA in java trust store
The first option is to import your certificate authority(ies) in your jre cacert file using keytool.
This option, although it seems to be the most natural, has one drawbacks: this implies to have write access to the JRE / JDK folders, which is not always the case.
2. Pass trust store as a param to the JVM in Maven using Jenkins
Here is the trick: maven passes a set of parameters to the jvm before it runs. These parameters are wrapped in a variable called MAVEN_OPTS wihch are initialized in the mvn script.
The way to go when using Jenkins is to create an environment variable in your slave or your job, call it MAVEN_OPTS and give it the JVM option:
MAVEN_OPTS
-Djavax.net.ssl.trustStore=your_custom_cert_file
As always, there are many other possibilities but these two are the cleanest ones.

Related

Failed to collect dependencies at org.bouncycastle:bc-fips:jar:1.0.2.3

I got an error when I try to build my project using Jenkins
> [ERROR] Failed to execute goal on project luwak-task-storage: Could not resolve dependencies for project
> com.trendmicro.luwak:luwak-task-storage:jar:3.0.0-SNAPSHOT: Failed to
> collect dependencies at org.bouncycastle:bc-fips:jar:1.0.2.3: Failed
> to read artifact descriptor for org.bouncycastle:bc-fips:jar:1.0.2.3:
> Could not transfer artifact org.bouncycastle:bc-fips:pom:1.0.2.3
> from/to central
> (https://nexus.trendmicro.com/nexus/repository/maven-central/):
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target -> [Help 1]
I got a dependency called org.bouncycastle:bc-fips:pom:1.0.2.3, it is the library that cannot be resolved, but I don't know why.
I can build my project successfully on local, but when using Jenkins, I got this error.
I have read some threads but none of them resolve my issue. Please help.
I got a dependency called org.bouncycastle:bc-fips:pom:1.0.2.3, it is
the library that cannot be resolved, but I don't know why?
Because your server don't have that dependency/library yet and failed prior to get those required artifacts due to the following reason:
Your system (Jenkins server) is unable to validate the server identity from where it is trying pulling the artifacts and hence unable to establish a proper channel for communication.
If you recognized & trust target server then you can add the CA certs on Jenkins server (most probably in java keystore utilize by Jenkins) to validate the handshake process.
https://stackoverflow.com/a/63491078/9926179

Maven: All Plugins & Dependencies are underlined Red

ANY IDEAS?? I downloaded a Maven project for IntelliJ and cannot build it. I get errors for dependencies and plugins:
(SOLVED: THIS was because I was trying to run it on my work laptop in work, and the company firewall was blocking me from downloading from the public Maven repository. Thank you)
VIEW BUILD LOG HERE
VIEW IDEA LOG HERE
From reviewing the log files, its as people have mentioned IntelliJ is not able to actually download the dependencies.
The reason why is:
Caused by: java.lang.RuntimeException:
org.eclipse.aether.transfer.ArtifactTransferException: Could not transfer artifact org.springframework:spring-aop:pom:4.1.2.RELEASE from/to central (https://repo.maven.apache.org/maven2):
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
This typically can occur when all your external traffic is being routed by a corporate proxy that is performing a man-in-the-middle type of scan where the traffic is decrypted, scanned and then re-encrypted.
We experience the same thing in our office so our solution was:
Install your own version of the java SDK (Ex. using SDKMan)
In your new install import into the default trust store the certificates required to validate the new certificate chain
Helps to access the URL in Chrome to view the certificate chain)
If it doesn't look like the Screenshot then there is a proxy
Update IntelliJ so the Project SDK is the new one
Update IntelliJ so JDK for importer is the new one
Click the Reimport All Maven Projects in IntelliJ
This should allow it to continue to work without problems, alternatively in IntelliJ you can run the adhoc maven goal of:
mvn clean install -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true -Dmaven.wagon.http.ssl.ignore.validity.dates=true
And it should install all the required dependencies into the local maven cache by ignoring all the SSL certificate problems however this is generally a bad idea.
At this point you can then click the Reimport All Maven Projects in IntelliJ to have it refresh but I found this always doesn't work as IntelliJ sometimes downloads additional plugin dependencies that it can get hung up on that are outside of the clean install goals.

How to understand/fix 'Could not resolve all files for configuration' during IntelliJ-gradle plugin build

I am just getting started making plugins and am hoping to make an IntelliJ plugin using gradle and java. For now, just to learn the basic, all I am trying to do is change the menubar in IntelliJ. But, following this IntelliJ tutorial, I created a Gradle project with Java and IntelliJ Platform Plugin as the additional libraries/frameworks, and when I build, even if I do not change anything at all once the project is created, I get an error I do not understand and do not know how to fix:
FAILURE: Build failed with an exception.
* What went wrong:
A problem occurred configuring root project 'project.project'.
> Could not resolve all files for configuration ':detachedConfiguration1'.
> Could not resolve com.jetbrains.intellij.idea:ideaIC:2019.2.3.
Required by:
project :
> Could not resolve com.jetbrains.intellij.idea:ideaIC:2019.2.3.
> Could not get resource 'https://cache-redirector.jetbrains.com/www.jetbrains.com/intellij-repository/releases/com/jetbrains/intellij/idea/ideaIC/2019.2.3/ideaIC-2019.2.3.pom'.
> Could not GET 'https://cache-redirector.jetbrains.com/www.jetbrains.com/intellij-repository/releases/com/jetbrains/intellij/idea/ideaIC/2019.2.3/ideaIC-2019.2.3.pom'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
However, when I create a gradle project, and do not use the IntelliJ Platform Plugin, I am able to build and create tasks etc. and as best I can tell it works fine.
I'm using:
IntelliJ 2019.2.3
Gradle 5.6.2
Java 8
I assume that there is something simple I am missing since I am so new but I haven't seen solutions to this issue elsewhere that I was able to use. Any help with this is appreciated.
The last line in the errors looks like a problem with the chain of certificates. This happens when the Gradle plugin attempts to download a build of IntelliJ IDEA v2019.2.3. But the Gradle plugin for IntelliJ is not involved when you build a generic project.
Have you tried pasting the URL from the failed GET statement into the address bar of your browser?
www.jetbrains.com/intellij-repository/releases/com/jetbrains/intellij/idea/ideaIC/2019.2.3/ideaIC-2019.2.3.pom
Does the POM file download or do you get an error about certificates?
If you get certificate errors, searching for sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target will yield postings about how to import a server certificate and install it in your JDK's keystore.

Skip ssl certificates check for Maven in Jenkins

I am trying to integrate Jenkins maven plugin to pull dependencies from a local nexus server. When the build starts I end up with the following Error
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I have tried to disable it by suppling the following wagon ssl properties as MAVEN_OPTS:
-Dmaven.wagon.http.ssl.insecure=true
-Dmaven.wagon.http.ssl.allowall=true
-Dmaven.wagon.http.ssl.ignore.validity.dates=true
I have also tried to add the certificate to the
javahome/lib/security/cacerts of the JVM.
using the key tool
are there any additional things I should try to disable the self-signed certificate check.

Maven : PKIX path building failed

Maven build throwing this exception
Failed to execute goal on project mdf-portal-3rdParty: Could not
resolve dependencies for project
com.alu.ipprd.bsm.soa:mdf-portal-3rdParty:jar:0.0.1-SNAPSHOT: Failed
to collect dependencies at
com.alu.ipprd.bsm.soa.portal.soo:common:jar:0.0.1-SNAPSHOT: Failed to
read artifact descriptor for
com.alu.ipprd.bsm.soa.portal.soo:common:jar:0.0.1-SNAPSHOT: Could not
transfer artifact
com.alu.ipprd.bsm.soa.portal.soo:common:pom:0.0.1-SNAPSHOT from/to
googlecode.com
(http://gmaps4jsf.googlecode.com/svn/trunk/gmaps4jsf-repo):
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target -> [Help 1]
I did not made any single change in pom.xml file ,suddenly after taking update from SVN i am getting this exception.
I will want to know
What is the cause of this problem?
Is this issue due to anything change in SVN server?
Even no any change in local machine why this build fail error?
Something wrong with Gmaps4jsf repository ?(May be due to closing of Google code)
maybe your maven version isnot the proper version. I encounter this problem in 3.2.3. and resolve it in 3.3.9 version.
you need to add ssl certificate to your jre installation
Please refer this answer and follow steps!
Step 1 - Get Root CA certificate
Step 2 - install that certificate at jre cacerts file

Resources