I recently switched to Let's Encrypt certificates for my Maven repo (Artifactory behind Apache proxy). Repo access via browser works fine, showing no problems with the certificate (screenshot below).
It also works if I import the certificate manually into the Java keystore.
But according to this SO question, Java should accept Let's Encrypt certificates starting with 8u101.
I am always getting this exception:
sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target -> [Help 1]
C:\myproject>mvn -version
Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5; 2015-11-10T17:41:47+01:00)
Maven home: C:\maven
Java version: 1.8.0_112, vendor: Oracle Corporation
Java home: C:\jdk1.8_win64\jre
Default locale: en_US, platform encoding: Cp1252
OS name: "windows 10", version: "10.0", arch: "amd64", family: "dos"
Finally figured it out, 3 months later...
The Apache server in front of the Maven Artifactory repository was not configured to provide the intermediate certificate in the chain.
I downloaded the intermediate certificate - Let’s Encrypt Authority X3 (IdenTrust cross-signed) - and configured Apache to serve it, too.
Actually, the domain.crt file contains both the domain and the intermediate certificate, and for all of my test browsers that was always good enough. But the Eclipse/Maven setup on that one machine could not handle it.
I only started to look into the Apache config after an SSL Labs check told me that the certificate chain was incomplete (even though no browser seemed to care).
Before:
SSLEngine On
SSLCertificateFile "path/to/domain.crt"
SSLCertificateKeyFile "path/to/domain.key"
After:
SSLEngine On
SSLCertificateFile "path/to/domain.crt"
SSLCertificateKeyFile "path/to/domain.key"
SSLCertificateChainFile "path/to/letsencrypt-authority-x3-identrust.pem"
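The check behind the "incomplete chain" finding can be reproduced offline from the "Certificate chain" block that `openssl s_client` prints. The following is an added example, not part of the original answer: it parses that block and reports whether every issuer is either sent by the server or already a trusted root. Assumptions: the two sample outputs are constructed, `repo.example.com` is a placeholder host, and the trusted-root set contains only the DST Root CA X3 subject.

```python
import re

# Assumption: the only trust anchor relevant here is the root that signs the
# IdenTrust cross-signed Let's Encrypt intermediate.
TRUSTED_ROOTS = {"O = Digital Signature Trust Co., CN = DST Root CA X3"}

# One chain entry is a " <n> s:<subject>" line followed by an "   i:<issuer>" line.
ENTRY = re.compile(r"^\s*(\d+) s:(.*)\n\s+i:(.*)$", re.MULTILINE)

def parse_chain(s_client_output):
    """Return [(depth, subject, issuer), ...] in the order the server sent them."""
    return [(int(d), s.strip(), i.strip()) for d, s, i in ENTRY.findall(s_client_output)]

def check_chain(s_client_output, trusted_roots=TRUSTED_ROOTS):
    """Return (ok, reason): ok is True only if the sent chain links up to a trusted root."""
    chain = parse_chain(s_client_output)
    if not chain:
        return False, "no certificates found in output"
    # Each certificate must be issued by the subject of the next one sent.
    for (depth, _, issuer), (_, next_subject, _) in zip(chain, chain[1:]):
        if issuer != next_subject:
            return False, f"certificate {depth} issuer '{issuer}' does not match next subject"
    _, last_subject, last_issuer = chain[-1]
    if last_issuer in trusted_roots or last_subject in trusted_roots:
        return True, f"chain of {len(chain)} certificate(s) ends at a trusted root"
    # A validator that does not fetch missing issuers on its own fails here.
    return False, f"missing intermediate: server sent nothing for issuer '{last_issuer}'"

# Constructed sample: server sends the leaf only (the "Before" configuration).
BEFORE = """Certificate chain
 0 s:CN = repo.example.com
   i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
---
"""

# Constructed sample: server also sends the intermediate (the "After" configuration).
AFTER = """Certificate chain
 0 s:CN = repo.example.com
   i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
 1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
"""

if __name__ == "__main__":
    print("before:", check_chain(BEFORE))
    print("after: ", check_chain(AFTER))
```

Browsers often hide this condition because they cache or fetch intermediates themselves, so a green padlock does not show that the server sends the full chain.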