TL;DR How to make Eclipse's built-in Maven connect to an HTTPS repository that uses certificate-based authentication? It seems that <code>m2e</code> is able to find the keystores, but unable to connect. Command-line Maven works like a charm using exactly the same keystores. <code>Run as -> Maven build</code> works with external Maven and not with the embedded one. Problem I have a Maven project with a dependency. That dependency is available in a repository that uses SSL certificate-based authentication in addition to regular username-password combination. I need to make it work in Eclipse Luna, with the built-in Maven. All I am able to get is <code>handshake_failure</code>. Investigation of the logs shows that the built-in Maven is unable to find a matching certificate. When I use <code>Run as -> Maven build</code> with an external Maven, or command-line Maven, it successfully connects to the repository and fetches the artifact exactly as needed. The interesting thing is, both external and embedded Mavens have the same version (3.2.3). Setup I pass these parameters through <code>eclipse.ini</code>: <pre class="prettyprint"><code>-Djavax.net.ssl.trustStore=java.cacerts -Djavax.net.ssl.trustStorePassword=****** -Djavax.net.ssl.keyStore=private.cacerts -Djavax.net.ssl.keyStorePassword=****** -Djavax.net.debug=ssl,handshake </code></pre> The <code>trustStore</code> file contains: <ul> <li>the whole certificate chain for the repository I connect to (the chain ends with a self-signed certificate), one of them being stored under the alias <code>repository.location.url</code> (literal repository location here, e.g. myrepository.com)</li> <li>certificate for maven central</li> </ul> The <code>keyStore</code> file contains an imported PKCS certificate under an alias of the repository. There seems to be no problem at all with the setup, as the command-line Maven works. If I use external Maven or command-line one, it works. If I swich to embedded one (which is always used for resolving dependencies), <code>handshake error</code> shows up. What am I doing wrong? I might be missing something completely obvious. Any help would be appreciated.

Options that didn't work for me <ul> <li>Installing certificate to java > jre > lib > security > cacerts</li> <li>Providing cacerts in java run configuration vm arguments</li> <li>Updating eclipse to latest versions like mars or neon</li> <li>Updating maven plugin for eclipse to 1.7.0</li> </ul> Steps that resolved the issue for me <ul> <li> Download certificate file & add in eclipse at Preferences > Remote Systems > SSL > Add </li> <li>Clear .m2 > repository folder of all existing files</li> <li>Open eclipse, right-click on project and Select Maven > Update Project. Choose Force Update of Snapshots/Releases </li> </ul> updated on 9/19/2017 <ul> <li>If nothing else works, Installing the certificate to Java on your machine @ java > jre > lib > security > cacerts can help</li> </ul>

I had exactly the same problem: Eclipse could not connect to external maven repository using embedded maven installation in case the repository requires a client SSL certificate. The problem was solved by upgrading to latest jvm (in my case - 1.8.0u52) and upgrading Eclipse m2e plugin to version 1.6.1 (with Eclipse version 4.4.0).

m2e with ssl certificate-based authentication

TL;DR

How to make Eclipse's built-in Maven connect to an HTTPS repository that uses certificate-based authentication?

It seems that m2e is able to find the keystores, but unable to connect. Command-line Maven works like a charm using exactly the same keystores. Run as -> Maven build works with external Maven and not with the embedded one.

Problem

I have a Maven project with a dependency. That dependency is available in a repository that uses SSL certificate-based authentication in addition to regular username-password combination. I need to make it work in Eclipse Luna, with the built-in Maven. All I am able to get is handshake_failure. Investigation of the logs shows that the built-in Maven is unable to find a matching certificate.

When I use Run as -> Maven build with an external Maven, or command-line Maven, it successfully connects to the repository and fetches the artifact exactly as needed.

The interesting thing is, both external and embedded Mavens have the same version (3.2.3).

Setup

I pass these parameters through eclipse.ini:

-Djavax.net.ssl.trustStore=java.cacerts
-Djavax.net.ssl.trustStorePassword=******
-Djavax.net.ssl.keyStore=private.cacerts
-Djavax.net.ssl.keyStorePassword=******
-Djavax.net.debug=ssl,handshake

The trustStore file contains:

the whole certificate chain for the repository I connect to (the chain ends with a self-signed certificate), one of them being stored under the alias repository.location.url (literal repository location here, e.g. myrepository.com)
certificate for maven central

The keyStore file contains an imported PKCS certificate under an alias of the repository.

There seems to be no problem at all with the setup, as the command-line Maven works. If I use external Maven or command-line one, it works. If I swich to embedded one (which is always used for resolving dependencies), handshake error shows up.

What am I doing wrong? I might be missing something completely obvious. Any help would be appreciated.

What is 1 way and 2 way SSL?

In one-way SSL authentication, the server application shares its public certificate with the client. In a two-way authentication, the client application verifies the identity of the server application, and then the server application verifies the identity of the client application.

Can we enable 2 way SSL in HTTP listener?

You want to configure a two way authentication in HTTP Listeners or HTTP Requesters in Mule 4. Using two ways authentication is not easy to test, since many available tools have different ways to configure the key store and trust store for each http message, so we'll do it all with the Mule 4 HTTP connectors.

How is certificate based authentication implemented in Java?

Client Java Implementation First, we create an SSLSocket that establishes a connection with the server. In the background, the socket will set up the TLS connection establishment handshake. As part of this handshake, the client will verify the server's certificate and check that it's in the client truststore.

What is the difference between a keystore and a truststore?

TrustStore is used to store certificates from Certified Authorities (CA) that verify the certificate presented by the server in an SSL connection. While Keystore is used to store private key and identity certificates that a specific program should present to both parties (server or client) for verification.

Options that didn't work for me

Installing certificate to java > jre > lib > security > cacerts
Providing cacerts in java run configuration vm arguments
Updating eclipse to latest versions like mars or neon
Updating maven plugin for eclipse to 1.7.0

Steps that resolved the issue for me

Download certificate file & add in eclipse at Preferences > Remote Systems > SSL > Add
Clear .m2 > repository folder of all existing files
Open eclipse, right-click on project and Select Maven > Update Project. Choose Force Update of Snapshots/Releases

updated on 9/19/2017

If nothing else works, Installing the certificate to Java on your machine @ java > jre > lib > security > cacerts can help

I had exactly the same problem: Eclipse could not connect to external maven repository using embedded maven installation in case the repository requires a client SSL certificate.

The problem was solved by upgrading to latest jvm (in my case - 1.8.0u52) and upgrading Eclipse m2e plugin to version 1.6.1 (with Eclipse version 4.4.0).

m2e with ssl certificate-based authentication

Tags:

java

eclipse

ssl-certificate

maven

m2e

Miki

People also ask

2 Answers

Uvaraj Krishna

Alexey Sh.

Recent Activity

Donate For Us

m2e with ssl certificate-based authentication

Tags:

java

eclipse

ssl-certificate

maven

m2e

Miki

People also ask

2 Answers

Uvaraj Krishna

Alexey Sh.

Related questions

Recent Activity

Donate For Us