
scala sbt and corporate proxy - SunCertPathBuilderException

Tags: java, ssl, scala, sbt

When I try to use SBT some files cannot be downloaded with the following error:

Server access Error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target url=https://repo1.maven.org/maven2/org/scala-sbt/sbt/1.0.0-M4/sbt-1.0.0-M4.jar

I have followed some advice on Stack Overflow and imported the corporate proxy SSL certificate with the java keytool as described in: SSL certificate problem in a web service proxy

It does not seem to affect the SBT tool. Does it look in a different keystore? Any ideas?

If I paste the URL in the browser the file downloads.

I get this error when simply running the SBT tool I have installed. When I try to create an SBT project in IntelliJ IDEA and update it, it gives me the same error with different URLs. Same thing when trying to use the Lightbend Activator.

Thiago Sayão asked Feb 01 '17 13:02


2 Answers

So this happens when you are behind a proxy, and we need the proxy server certificate to be added to the Java truststore.

# Work on a copy of the JVM's default truststore, kept in a directory you can write to
cp "$JAVA_HOME/jre/lib/security/cacerts" /path/to/included/proxycert/
# Get the certificate of the proxy server and store it in a file, proxy.pem
keytool -keystore /path/to/included/proxycert/cacerts -import -file proxy.pem -alias my_proxy
# Now we can invoke sbt with the following config
sbt "-Djavax.net.ssl.trustStore=/path/to/included/proxycert/cacerts" compile
ameet chaubal answered Oct 21 '22 06:10


If I recall correctly, SBT indirectly uses an old version of Apache Commons HttpClient (3.1) which doesn't respect the Java system properties for specifying truststores by default.

I can think of three potential solutions:

  1. Use a proxy repository like Artifactory so SBT only has to connect to the proxy and the proxy can take care of HTTPS outwards via the corporate proxy.

  2. Install the corporate issuing certificate into the default truststore for the JVM (usually %JDK_HOME%/jre/lib/security/cacerts). You would have to do this each time you run a new JRE.

  3. Try using coursier. It's a plugin for SBT which provides a different way of fetching dependencies that does not go through Apache HttpClient. It uses an HTTP library which I think should respect the Java system properties for truststore. It's also much faster.

Brian Smith answered Oct 21 '22 06:10
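
An added example, not part of either answer above and not sbt's own code: shell functions for checking the question's "different keystore?" point, by locating the default truststore of the JVM that runs sbt and confirming by SHA-256 fingerprint that the proxy certificate is actually in the truststore being used. The function names are hypothetical; it assumes keytool is on the PATH, and "changeit" in the usage comment is the password the JDK ships cacerts with.

```shell
#!/bin/sh
# Added example: is the proxy certificate in the truststore sbt's JVM reads?

# Print the default truststore of the JDK/JRE rooted at $1.
# JDK 8 keeps it under jre/lib/security, JDK 9 and later under lib/security.
default_cacerts() {
    for p in "$1/jre/lib/security/cacerts" "$1/lib/security/cacerts"; do
        if [ -f "$p" ]; then
            printf '%s\n' "$p"
            return 0
        fi
    done
    return 1
}

# Extract SHA-256 fingerprints (32 colon-separated bytes) from keytool
# output on stdin. SHA-1 and MD5 fingerprints are shorter and do not match.
sha256_fps() {
    grep -Eo '([0-9A-F]{2}:){31}[0-9A-F]{2}' | sort -u
}

# Succeed only if the certificate in PEM file $3 is present in the
# truststore $1 (store password $2). Returns 2 if $3 cannot be read.
truststore_has_cert() {
    want=$(keytool -printcert -file "$3" | sha256_fps) || return 2
    keytool -list -v -keystore "$1" -storepass "$2" | sha256_fps |
        grep -qxF "$want"
}

# Usage (paths are the placeholders from the first answer):
#   default_cacerts "$JAVA_HOME"
#   truststore_has_cert /path/to/included/proxycert/cacerts changeit proxy.pem
```

If the check passes for the file named in -Djavax.net.ssl.trustStore but sbt still fails, the second answer's explanation (a resolver that ignores that property) is the next thing to rule out.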