All geek questions in one place

Maven "cannot find a valid certification path to the requested target" - letencrypt ssl certificate

I recently switched to letsencrypt certificates for my maven repo (Artifactory behind Apache proxy). Access to the repo through the browser works fine, without giving out any problems with the certificate (screenshot below).

It also works if I import the certificate manually into the java repository .

But according to this question, SO Java should accept letencrypt certificates starting with 8u101 .

I always get this exception:

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> [Help 1]

enter image description here

enter image description here

 C:\myproject>mvn -version Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5; 2015-11-10T17:41:47+01:00) Maven home: C:\maven Java version: 1.8.0_112, vendor: Oracle Corporation Java home: C:\jdk1.8_win64\jre Default locale: en_US, platform encoding: Cp1252 OS name: "windows 10", version: "10.0", arch: "amd64", family: "dos"
+5
source share
1 answer

Finally it turned out after 3 months ...

The apache server in front of the maven file store was not configured to provide an intermediate certificate in the chain.

I uploaded an intermediate certificate - Allows you to encrypt X3 permissions (IendTrust cross-signed) - and configured apache to serve it.

Actually, the domain.crt file contains both the domain and the intermediate certificate, as well as for all my test browsers, which have always been good enough. But the eclipse / maven setting on this machine did not cope with this.

I just started to learn apache configuration after SSL Verification Labs told me that the certificate chain was incomplete (although the browser did not seem to care).

Before:

  SSLEngine On SSLCertificateFile "path/to/domain.crt" SSLCertificateKeyFile "path/to/domain.key"

After:

  SSLEngine On SSLCertificateFile "path/to/domain.crt" SSLCertificateKeyFile "path/to/domain.key" SSLCertificateChainFile "path/to/letsencrypt-authority-x3-identrust.pem"
+1
source

Source: https://habr.com/ru/post/1267048/

More articles:


All Articles