Sonatype Nexus - unable to find valid certification path to requested target

Question

I am using a local Sonaty Nexus where I am proxying a couple of external Maven repositories. Up to now the proxied only http repositories but for some artifacts I had to introduce Camunda. Using the Nexus remote content browser I can browse its content but the Nexus doesn't download its index. More than that, in the nexus log appear the following errors:

2014-01-08 11:44:27 WARN  [xy-3-thread-218] - org.sonatype.nexus.proxy.maven.maven2.M2Repository - Remote peer of proxy repository "Camunda Secure" [id=camunda.secure] threw a org.sonatype.nexus.proxy.RemoteStorageException exception. Connection/transport problems occured while connecting to remote peer of the repository. - Cause(s): Transport error while executing GET method [repositoryId="camunda.secure", requestPath="/", remoteUrl="https://app.camunda.com/nexus/content/groups/public/"] > sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target > PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target > unable to find valid certification path to requested target
2014-01-08 11:44:44 ERROR [tp13549765-1372] - org.sonatype.nexus.proxy.maven.maven2.M2Repository - Got RemoteStorageException in proxy repository "Camunda Secure" [id=camunda.secure] while retrievingremote artifact "ResourceStoreRequest(requestPath="/.meta/repository-metadata.xml")" from URL https://app.camunda.com/nexus/content/groups/public/, this is 1 (re)try, cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2014-01-08 11:44:44 ERROR [tp13549765-1372] - org.sonatype.nexus.proxy.maven.maven2.M2Repository - Got RemoteStorageException in proxy repository "Camunda Secure" [id=camunda.secure] while retrievingremote artifact "ResourceStoreRequest(requestPath="/.meta/repository-metadata.xml")" from URL https://app.camunda.com/nexus/content/groups/public/, this is 2 (re)try, cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2014-01-08 11:44:44 ERROR [tp13549765-1372] - org.sonatype.nexus.proxy.maven.maven2.M2Repository - Got RemoteStorageException in proxy repository "Camunda Secure" [id=camunda.secure] while retrievingremote artifact "ResourceStoreRequest(requestPath="/.meta/repository-metadata.xml")" from URL https://app.camunda.com/nexus/content/groups/public/, this is 3 (re)try, cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2014-01-08 11:44:44 WARN  [tp13549765-1372] - org.sonatype.nexus.proxy.maven.maven2.M2Repository - Remote peer of proxy repository "Camunda Secure" [id=camunda.secure] threw a org.sonatype.nexus.proxy.RemoteStorageException exception. Connection/transport problems occured while connecting to remote peer of the repository. - Cause(s): Transport error while executing GET method [repositoryId="camunda.secure", requestPath="/.meta/repository-metadata.xml", remoteUrl="https://app.camunda.com/nexus/content/groups/public/.meta/repository-metadata.xml"] > sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target > PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target > unable to find valid certification path to requested target

What should I do to be able to download its index and to reference those artifacts in my Maven project?

SK

Answer 1

Bottom line here:-

Your maven is not able to find the certificate for the server it is trying to connect say foo.domain.com in the keystore .

Steps to solving

1) Identify the keystore your maven is using -This is very important . Because you may keep adding certificate to the keystore but not to the one maven looks for

Tips here :-

a) If no specific configuration is involved it should look the default JDK keystore - caccerts in the JAVA_HOME

b)if you have configured the .mavnerc under /Users/username/ , This will override the default settings. So make sure you look here to know where it points

2) Download the certificate and import to the correct keystore using keytool command

keytool -import -alias alias_name -file certificate_name -keystore keystorelocation