Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Intellij/Gradle sync fails behind Corporate proxy

I am behind a corporate firewall (Zscaler) which rewrites TLS traffic with its own certs.

When I try to create a Gradle project in intellij, I receive the following error, even after importing the CA and intermediate certs into both Intellij (via the Server Certificates settings page) and into every Java trust store I can think of.

Sync Failed
Download https://services.gradle.org/distributions/gradle-4.0-bin.zip   797ms
Cause: unable to find valid certification path to requested target

I even imported them into Intellij's private JRE e.g.

C:\Progra~1\Java\jdk1.8.0_131\bin\keytool.exe -importcert -alias zscaler_root_ca     -keystore C:\Progra~1\Java\jdk1.8.0_131\jre\lib\security\cacerts -storepass changeit -file zscaler_root_ca.crt
C:\Progra~1\Java\jre1.8.0_151\bin\keytool.exe -importcert -alias zscaler_root_ca     -keystore C:\Progra~1\Java\jre1.8.0_151\lib\security\cacerts -storepass changeit -file zscaler_root_ca.crt
"C:\Users\jonathan.bates\AppData\Local\JetBrains\Toolbox\apps\IDEA-U\ch-0\173.4301.25\jre64\bin\keytool.exe" -importcert -alias zscaler_root_ca     -keystore "C:\Users\jonathan.bates\AppData\Local\JetBrains\Toolbox\apps\IDEA-U\ch-0\173.4301.25\jre64\lib\security\cacerts" -storepass changeit -file zscaler_root_ca.crt

Do I need to be doing anything else?

like image 262
Jon Bates Avatar asked Jan 23 '18 11:01

Jon Bates


People also ask

How do I change the proxy settings in IntelliJ Gradle?

Configure proxy settings directly from IntelliJ IDEA. Do the following: Open the Version Control | Subversion | Network page of the IDE settings Ctrl+Alt+S . Click the Edit Network Options button and specify the proxy settings in the Edit Subversion Options Related to Network Layers dialog that opens.

How do I run Gradle sync in IntelliJ?

There is a useful shortcut Ctrl + Shift + A , after which a window appears and you can type some command that you would like IntelliJ to run. Just type "sync" in there and it will find that command Sync Project with Gradle Files, even if it's not visible in the menu.

How do I refresh the Gradle cache in IntelliJ?

We can do this by: Selecting one of the suggestions in the message; Pressing on the Refresh Gradle icon in the top right, Using the keyboard shortcut ⇧⌘I (macOS), or Ctrl+Shift+O (Windows/Linux).


1 Answers

The corporate issued certificate needs to be included in the truststore used by Gradle. Troubleshooting this can be difficult, especially if you have multiple versions of Java and the JRE installed. The first thing to determine is what JRE Gradle is using. There is an answer that points out the issue is resolved by using Gradle Wrapper. The Gradle Wrapper calls the project specific Java environment which is defined in gradle.properties. By default, it is set to distributionBase=GRADLE_USER_HOME. To get Gradle to build with untrusted certificates one can follow the instructions in the documentation:

The SSL certificate for the HTTP build cache backend may be untrusted since it is internally provisioned or a self-signed certificate.

In such a scenario, you can either configure the build JVM environment to trust the certificate, or set this property to true to disable verification of the server's identity.

Allowing communication with untrusted servers keeps data encrypted during transmission, but makes it easier for a man-in-the-middle to impersonate the intended server and capture data.

It is better to import the cert into the JVM used by Gradle which looks like what you were trying to do. If you want IntelliJ to know about the corporate certificate you can import those via the UI by Navigating to Settings > Tools > Server Certificates. Import the certificate file issued by your organization and retry the build.

like image 186
Nathan Avatar answered Sep 19 '22 23:09

Nathan