TL;DR
How to make Eclipse's built-in Maven connect to an HTTPS repository that uses certificate-based authentication?
It seems that m2e is able to find the keystores, but unable to connect. Command-line Maven works like a charm using exactly the same keystores. Run as -> Maven build works with external Maven and not with the embedded one.
Problem
I have a Maven project with a dependency. That dependency is available in a repository that uses SSL certificate-based authentication in addition to regular username-password combination. I need to make it work in Eclipse Luna, with the built-in Maven. All I am able to get is handshake_failure. Investigation of the logs shows that the built-in Maven is unable to find a matching certificate.
When I use Run as -> Maven build with an external Maven, or command-line Maven, it successfully connects to the repository and fetches the artifact exactly as needed.
The interesting thing is, both external and embedded Mavens have the same version (3.2.3).
Setup
I pass these parameters through eclipse.ini:
-Djavax.net.ssl.trustStore=java.cacerts
-Djavax.net.ssl.trustStorePassword=******
-Djavax.net.ssl.keyStore=private.cacerts
-Djavax.net.ssl.keyStorePassword=******
-Djavax.net.debug=ssl,handshake
The trustStore file contains:
repository.location.url (literal repository location here, e.g. myrepository.com)
The keyStore file contains an imported PKCS certificate under an alias of the repository.
There seems to be no problem at all with the setup, as the command-line Maven works. If I use external Maven or command-line one, it works. If I switch to embedded one (which is always used for resolving dependencies), handshake error shows up.
What am I doing wrong? I might be missing something completely obvious. Any help would be appreciated.
In one-way SSL authentication, the server application shares its public certificate with the client. In a two-way authentication, the client application verifies the identity of the server application, and then the server application verifies the identity of the client application.
You want to configure two-way authentication in HTTP Listeners or HTTP Requesters in Mule 4. Two-way authentication is not easy to test, since many available tools have different ways to configure the key store and trust store for each HTTP message, so we'll do it all with the Mule 4 HTTP connectors.
Client Java Implementation
First, we create an SSLSocket that establishes a connection with the server. In the background, the socket performs the TLS handshake. As part of this handshake, the client will verify the server's certificate and check that it's in the client truststore.
The TrustStore is used to store certificates from Certificate Authorities (CA) that verify the certificate presented by the server in an SSL connection, while the Keystore is used to store the private key and identity certificates that a program presents to the other party (server or client) for verification.
Options that didn't work for me
Steps that resolved the issue for me
updated on 9/19/2017
I had exactly the same problem: Eclipse could not connect to an external Maven repository using the embedded Maven installation when the repository requires a client SSL certificate.
The problem was solved by upgrading to the latest JVM (in my case - 1.8.0u52) and upgrading the Eclipse m2e plugin to version 1.6.1 (with Eclipse version 4.4.0).
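A check for the store setup described in the question, added here as an example and not taken from either post: it reads the same javax.net.ssl.* system properties and lists, per alias, whether the entry carries a key the JVM could offer for client authentication and who issued its certificate. The class name TlsStoreCheck is hypothetical, and the stores are assumed to be in the JVM's default keystore type unless javax.net.ssl.keyStoreType / trustStoreType are set.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added diagnostic; the class name TlsStoreCheck is hypothetical.
// Run with the same -Djavax.net.ssl.* options that eclipse.ini passes.
public class TlsStoreCheck {

    // Loads the store named by a system property such as "javax.net.ssl.keyStore".
    static KeyStore load(String prop) throws Exception {
        String path = System.getProperty(prop);
        if (path == null) throw new IllegalStateException(prop + " is not set");
        String type = System.getProperty(prop + "Type", KeyStore.getDefaultType());
        char[] pw = System.getProperty(prop + "Password", "").toCharArray();
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pw); // throws if the password is wrong or the file cannot be parsed
        }
        return ks;
    }

    // Prints every entry and returns how many carry a key. Only an entry with a
    // private key can answer the server's request for a client certificate.
    static int report(String label, KeyStore ks) throws Exception {
        int keyEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            boolean hasKey = ks.isKeyEntry(alias);
            if (hasKey) keyEntries++;
            Certificate c = ks.getCertificate(alias);
            String issuer = (c instanceof X509Certificate)
                    ? ((X509Certificate) c).getIssuerX500Principal().getName() : "(no X.509 cert)";
            System.out.printf("%s alias=%s %s issuer=%s%n", label, alias,
                    hasKey ? "key entry" : "certificate only", issuer);
        }
        return keyEntries;
    }

    public static void main(String[] args) throws Exception {
        report("trustStore", load("javax.net.ssl.trustStore"));
        if (report("keyStore", load("javax.net.ssl.keyStore")) == 0) {
            System.out.println("keyStore holds no key entry: no client certificate can be offered");
            System.exit(1);
        }
    }
}
```

Running it once with the JVM that Eclipse starts under and once with the JVM used by command-line Maven shows whether both runtimes parse the stores the same way.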