I am setting up a new machine with eclipse Oxygen 4.7. I spent some time getting certificates added to CACERTS so that I could access an external maven repository and access the eclipse marketplace. On Friday afternoon I had everything working. I could reach the eclipse marketplace and maven was able to download my dependencies. Over the weekend I rebooted my machine and my certificates no longer work. I am getting...
Caused by:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target.
Am I missing a step or doing something wrong when adding my certs? These are my steps...
Download the cert for the maven repo from the website. I can navigate to the site fine in my browser. I use the certificate export tool. I export the cert as base 64.
I add the cert to CACERTS using keytool.
If I restart eclipse the cert will now get picked up and on the first try I am able to connect to the maven repo. This is true for the marketplace certificate as well. If I restart my machine after this (might also be triggered by just restarting eclipse again, I will test this) the certs no longer works.
I only have one version of java installed, jdk1.8.0_202.
I tried explicitly setting the path to CACERTS in the eclipse.ini file but that did not make a difference. I do have the settings.xml set up for maven. As I have issues connecting to both my maven repo and the eclipse market place I do not think settings.xml is the culprit. Any ideas would be most appreciated. Thanks.
Related
I am trying to configure Jenkins to download code from SVN repository and to prepare builds.
Jenkins is on one linux machine - version 1.651.1
Subversion Plug-in 2.5.7
SVN repository is set on another linux machine.
A set repository URL to eg: http://abcsvn/svn/project/branches/branch_a/HEAD/
Unfortunately I get: 'Unable to access to repository' message from Jenkins.
I also tried to put IP instead of abcsvn.
From terminal on linux machine where the Jenkins is installed I can ping IP successfully.
What may be the reason of that kind of problem? The URL is correct, because I paste that in Chrome on my machine and it worked correctly.
I also installed Jenkins on my computer with Windows. I set the same parameters and I am still not able to connect to svn repo. In Eclipse I don't have any problem to commit and checkout from svn repo.
If you need any more information to diagnose this problem I will try to complete this post.
Exception says that you have not provided credentials of your svn repository. In newer version of svn we can provide this credential while we configure workspace. In your version it can be provided from manage Jenkins menu.
I would like to ask you, how to solve problem, when I want clone the project in intelliJ 2016.2 and there is an exception "SSL certificate problem: unable to get local issuer certificate"
When I clone using Eclipse, everything is fine. I know that I am using cacerts for authenticate during this process. I suppose Eclipse uses cacerts that I have in my Java security folder. But how to "give" the cacerts to IntelliJ or Git?
Thank you.
I'm working on a couple of Eclipse plugins which, for business reasons, cannot be built on Eclipse Hudson servers. What are my options for signing these plugins so users aren't hit with a "You are installing unverified software" warning?
I've tried using jarsigner to self-sign plugin jars. jarsigner reports them as verified, but eclipse still warns that they're unverified when I try to install the plugins.
Most of the documentation I've found simply points to running signing goal on an eclipse.org machine, but this isn't feasible. This page indicates that independent signing is possible, but isn't clear as to what method is expected:
Content made available on Eclipse.org will be signed with the
foundation certificate. Note this doesn't preclude other parties from
later signing the JARs with their own certificates.
What signing methods are trusted by Eclipse? Can I sign a plugin with my own certificate? If so, what type of certificate does it need to be?
I have an artifact hosted on maven. my setup on the local windows machine has been working perfectly; maven, gpg keys name it. upto now I can do 'mvn clean deploy' and my artifact gets signed and released very successfully.
Enter continous integration with jenkins hosted on an ubuntu server. I successfully install gpg on ubuntu via putty. Since I already have versions of the artifact on maven signed with my gpg keys, I should continue using them right?So, I use winscp to transfer the gnupg folder and all its contents to ubuntu. Indeed when I run gpg --list-keys, I can see my key information (I only have one key configured). I am thinking, this, is a sign that my configuration on ubuntu is successful.
According to an answer to
this question I should take that there are no keys configured on ubuntu. So why would gpg --list-keys work??
When jenkins is trying to deploy the artifact, the "sign" goal fails and maven-gpg-plugin reports this:
gpg: no default secret key: secret key not available
gpg: signing failed: secret key not available
and the build fails, how can I resolve this issue?
I have found the solution. The only thing I was missing was the settings.xml file for my particular maven project. I had to find out where maven looks for this file from while building my project (usin mvn -X). Somehow Ubuntu did not create it, so I had to create one for myself and put in the relevant gpg properties. After this, everything worked like a breeze.
TL;DR
How to make Eclipse's built-in Maven connect to an HTTPS repository that uses certificate-based authentication?
It seems that m2e is able to find the keystores, but unable to connect. Command-line Maven works like a charm using exactly the same keystores. Run as -> Maven build works with external Maven and not with the embedded one.
Problem
I have a Maven project with a dependency. That dependency is available in a repository that uses SSL certificate-based authentication in addition to regular username-password combination. I need to make it work in Eclipse Luna, with the built-in Maven. All I am able to get is handshake_failure. Investigation of the logs shows that the built-in Maven is unable to find a matching certificate.
When I use Run as -> Maven build with an external Maven, or command-line Maven, it successfully connects to the repository and fetches the artifact exactly as needed.
The interesting thing is, both external and embedded Mavens have the same version (3.2.3).
Setup
I pass these parameters through eclipse.ini:
-Djavax.net.ssl.trustStore=java.cacerts
-Djavax.net.ssl.trustStorePassword=******
-Djavax.net.ssl.keyStore=private.cacerts
-Djavax.net.ssl.keyStorePassword=******
-Djavax.net.debug=ssl,handshake
The trustStore file contains:
the whole certificate chain for the repository I connect to (the chain ends with a self-signed certificate), one of them being stored under the alias repository.location.url (literal repository location here, e.g. myrepository.com)
certificate for maven central
The keyStore file contains an imported PKCS certificate under an alias of the repository.
There seems to be no problem at all with the setup, as the command-line Maven works. If I use external Maven or command-line one, it works. If I swich to embedded one (which is always used for resolving dependencies), handshake error shows up.
What am I doing wrong? I might be missing something completely obvious. Any help would be appreciated.
Options that didn't work for me
Installing certificate to java > jre > lib > security > cacerts
Providing cacerts in java run configuration vm arguments
Updating eclipse to latest versions like mars or neon
Updating maven plugin for eclipse to 1.7.0
Steps that resolved the issue for me
Download certificate file & add in eclipse at Preferences > Remote Systems > SSL > Add
Clear .m2 > repository folder of all existing files
Open eclipse, right-click on project and Select Maven > Update Project. Choose Force Update of Snapshots/Releases
updated on 9/19/2017
If nothing else works, Installing the certificate to Java on your machine # java > jre > lib > security > cacerts can help
I had exactly the same problem: Eclipse could not connect to external maven repository using embedded maven installation in case the repository requires a client SSL certificate.
The problem was solved by upgrading to latest jvm (in my case - 1.8.0u52) and upgrading Eclipse m2e plugin to version 1.6.1 (with Eclipse version 4.4.0).
In your run configurations select your maven build and then select the JRE tab at the top of the dialog. Put your SSL parameters into the VM arguments text-area.
that's what fixed it for me.
I managed to fix it by setting external maven in eclipse.
Eclipse->Window->Preferences->Maven->Installations->Add