timja
commented
13 years ago Before Hudson 1.392, we were able to add the following to the MAVEN_OPTS environment variable
-Djavax.net.ssl.trustStore=/home/someuser/.m2/jssecacerts
where jssecacerts was generated using the technique here
http://blogs.sun.com/andreas/entry/no_more_unable_to_find
However, now in 1.392 the SSL configuration does not work. I have not figured out whether this is related to the maven plugin changes to support Maven 3 or something else.
Our maven repository uses an SSL certificate that must be placed within the Java keystore for things to work properly. I used keytool to do this for the host machines Sun Java 6 installation and Hudson was able to work perfectly. However, when I tried to do a maven release, using the Maven release plugin (and the Hudson maven release plugin) I was receiving SSL errors even when trying to simply download artifacts:
[INFO] Downloading: https://intranet.mycorp.com/nexus/content/groups/public/org/apache/maven/doxia/doxia-sink-api/1.0/doxia-sink-api-1.0.pom
[INFO] [WARNING] Unable to get resource 'org.apache.maven.doxia:doxia-sink-api:pom:1.0' from repository MyCorp (https://intranet.mycorp.com/nexus/content/groups/public): Error transferring file: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I got around the problem by using keytool to add cacert.pem to the keystore of the Java sdk installation I found under $HUDSON_HOME/tools. The result of this is that any time I add another JDK installation I need to remember to do this or Maven releases will fail.
Perhaps Hudson could provide a configuration UI wherein a certificate could be uploaded and Hudson ensures that all installed JDK's are configured to trust that SSL certificate.
Originally reported by hdave42, imported from: JDK installations need SSL support