Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Maven - unable to find valid certification path

I'm new to maven and am having trouble adding a dependency (sl4j). I was given this project which was apparently converted to maven from ant. Btw, a clean install doesn't work. Here's the pom.xml:

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>com.xxx.tools</groupId>
    <artifactId>someName</artifactId>
    <version>1.0</version>
    <name>A Name</name>
    <description>Description</description>

    <properties>
        <maven.compiler.source>1.8</maven.compiler.source>
        <maven.compiler.target>1.8</maven.compiler.target>
    </properties>

    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-shade-plugin</artifactId>
                <version>3.1.0</version>
                <executions>
                    <execution>
                        <phase>package</phase>
                        <goals>
                            <goal>shade</goal>
                        </goals>
                        <configuration>
                            <transformers>
                                <transformer
                                    implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
                                    <mainClass>com.MyClient</mainClass>
                                </transformer>
                            </transformers>
                        </configuration>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>
</project>

It give the following message on a clean install:

`ERROR] Failed to execute goal org.apache.maven.plugins:maven-shade-plugin:3.1.0:shade (default) on project xxxx: Execution default of goal org.apache.maven.plugins:maven-shade-plugin:3.1.0:shade failed: Plugin org.apache.maven.plugins:maven-shade-plugin:3.1.0 or one of its dependencies could not be resolved: Failed to collect dependencies at org.apache.maven.plugins:maven-shade-plugin:jar:3.1.0 -> org.apache.maven:maven-plugin-api:jar:3.0 -> org.sonatype.sisu:sisu-inject-plexus:jar:1.4.2 -> org.codehaus.plexus:plexus-component-annotations:jar:1.6: Failed to read artifact descriptor for org.codehaus.plexus:plexus-component-`annotations:jar:1.6: Could not transfer artifact org.codehaus.plexus:plexus-component-annotations:pom:1.6 from/to central (https://repo.maven.apache.org/maven2): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> [Help
like image 328
Jack BeNimble Avatar asked Feb 03 '18 01:02

Jack BeNimble


People also ask

What is m2 settings XML?

m2 directory. Maven's default settings. xml is a template with comments and examples so you can quickly tweak it to match your needs. Here is an overview of the top elements under settings : <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

How do I authenticate with Maven?

Authentication is configured in Maven using <server> elements in the settings. xml file. Each <repository> and <mirror> element specified in the file must have a corresponding <server> element with a matching <id> that specifies the username and password.

How do I access my Maven repository?

Maven central repository is located on the web. It has been created by the apache maven community itself. The path of central repository is: http://repo1.maven.org/maven2/. The central repository contains a lot of common libraries that can be viewed by this url http://search.maven.org/#browse.


3 Answers

Your Maven is trying to download an indirect dependency from Maven Central Repository located at https://repo.maven.apache.org/maven2, which is a secured HTTP server (HTTPS). Maybe there's some certificate issue on your Java installation or some security rule on you network infrastructure preventing the access.

First try to access that very URL on you browser and check if it's operational. If you can access the website, the problem is not on your network. Problably you'll need to fix your Java trusted certificates list somehow in order to accept that server. Have a look at this question/answer: "PKIX path building failed" and "unable to find valid certification path to requested target"

But if you really can't access the Maven Central Repo with HTTPS from your browser, maybe it's becouse you are behind some proxy rule that is keeping you from download the server certificate. Of course it won't work with Maven either. Then, have a look at this another question/answer: Problems using Maven and SSL behind proxy

like image 133
Rafael Odon Avatar answered Nov 09 '22 07:11

Rafael Odon


Try the build project by pointing to correct certificate

mvn clean install -Djavax.net.ssl.trustStore=<path to certificate>
like image 30
Dileep Dominic Avatar answered Nov 09 '22 05:11

Dileep Dominic


So for the many of us behind a corporate proxy - there are always issues.

In this case my corporate proxy's certificate was not in my Java cacerts file but it was in my browser's trust store.

I solved this error by the following process (in October 2022 - no future guarantees here).

  1. Open the missing download as a link in my browser (Chrome Version 106.0.5249.103 (Official Build) (64-bit))
  2. Open the security context menu by clicking on the lock icon next to the URL
  3. Expand "Connection is Secure"
  4. Click on "Certificate is Valid"
  5. Go to the "Details" tab and click "Export"

This created a crt file in my Downloads folder. Now I need to add the .crt file to my java cacerts (NOTE: this should the version of java that Maven or other build tool runs in - in my case in Intellij IDEA it is in the "Project Structure" settings. You may have multiple instances of Java and a separate cacerts file in each.)

Next I used "keytool" to import the .crt file into my cacerts file - I followed this Stack Overflow answer: how to add .crt file to keystore and trust store.

keytool -trustcacerts -keystore "cacerts" -storepass changeit -importcert -alias testalias -file "/opt/ssl/test.crt"

Modifying the paths and passwords as needed to match my situation.

A shortcut for identifying the location of the cacerts file is %JAVA_HOME%/lib/security (on windows command prompt) or $env:JAVA_HOME/lib/security in PowerShell. This will only work if your JAVA_HOME is set to match your IDE Project's settings. If you're building in an IDE (and who isn't?) then the IDE will control the Java environment used to run Maven (or other build tool).

As soon as I imported the .crt file of my corporate proxy into the correct cacerts file - my Maven builds started working again.

One day in the future - I would like to simply tell my IDE and Java to simply grab whatever trust store my company configures in my browser. That technology would be like magic.

like image 1
Puffy_Fluff Avatar answered Nov 09 '22 07:11

Puffy_Fluff