Failed to get maven to boot from HTTPS addresses behind the proxy server

Of the dependencies that I specify in my pom.xml , those that use HTTP URLs are loaded, but those that use HTTPS URLs don't say:

 SEVERE: Proxy authentication error: Credentials cannot be used for NTLM authentication: org.apache.maven.wagon.providers.http.httpclient.auth.UsernamePasswordCredentials 

Here is the contents of settings.xml :

 <?xml version="1.0" encoding="UTF-8"?> <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd"> <pluginGroups /> <proxies> <proxy> <id>proxy1</id> <active>true</active> <protocol>http</protocol> <host>proxy.mycompany.com</host> <port>6050</port> <username>domain\username</username> <password>password</password> <nonProxyHosts></nonProxyHosts> </proxy> <proxy> <id>proxy2</id> <active>true</active> <protocol>https</protocol> <host>proxy.mycompany.com</host> <port>6050</port> <username>domain\username</username> <password>password</password> <nonProxyHosts></nonProxyHosts> </proxy> </proxies> <servers> </servers> <mirrors> </mirrors> <profiles> <profile> <id>centralrepo</id> <repositories> <repository> <id>central</id> <url>http://central</url> <releases> <enabled>true</enabled> </releases> <snapshots> <enabled>true</enabled> </snapshots> </repository> <repository> <id>fortytwo</id> <name>fortytwo.net Maven repository</name> <url>http://fortytwo.net/maven2</url> <releases> <enabled>true</enabled> </releases> <snapshots> <enabled>true</enabled> </snapshots> </repository> <repository> <id>javanet</id> <name>java.net Maven repository</name> <url>http://download.java.net/maven/2</url> <releases> <enabled>true</enabled> </releases> <snapshots> <enabled>true</enabled> </snapshots> </repository> <repository> <id>scala-tools.org</id> <name>Scala-tools Maven2 Repository</name> <url>http://scala-tools.org/repo-releases</url> </repository> </repositories> <pluginRepositories> <pluginRepository> <id>central</id> <url>http://central</url> <releases> <enabled>true</enabled> </releases> <snapshots> <enabled>true</enabled> </snapshots> </pluginRepository> <pluginRepository> <id>scala-tools.org</id> <name>Scala-tools Maven2 Repository</name> <url>http://scala-tools.org/repo-releases</url> </pluginRepository> </pluginRepositories> </profile> </profiles> </settings> 

I googled and found that people suggest using CNTLM. So, I installed CNTLM and edited the /etc/cntlm.conf file as follows:

 # # Cntlm Authentication Proxy Configuration # # NOTE: all values are parsed literally, do NOT escape spaces, # do not quote. Use 0600 perms if you use plaintext password. # Username username Domain domain Password password # NOTE: Use plaintext password only at your own risk # Use hashes instead. You can use a "cntlm -M" and "cntlm -H" # command sequence to get the right config for your environment. # See cntlm man page # Example secure config shown below. # PassLM 1AD35398BE6565DDB5C4EF70C0593492 # PassNT 77B9081511704EE852F94227CF48A793 ### Only for user 'testuser', domain 'corp-uk' # PassNTLMv2 D5826E9C665C37C80B53397D5C07BBCB # Specify the netbios hostname cntlm will send to the parent # proxies. Normally the value is auto-guessed. # # Workstation netbios_hostname # List of parent proxies to use. More proxies can be defined # one per line in format <proxy_ip>:<proxy_port> # Proxy proxy.mycompany.com:6050 # List addresses you do not want to pass to parent proxies # * and ? wildcards can be used # NoProxy localhost, 127.0.0.*, 10.*, 192.168.* # Specify the port cntlm will listen on # You can bind cntlm to specific interface by specifying # the appropriate IP address also in format <local_ip>:<local_port> # Cntlm listens on 127.0.0.1:3128 by default # Listen 3128 # If you wish to use the SOCKS5 proxy feature as well, uncomment # the following option. It can be used several times # to have SOCKS5 on more than one port or on different network # interfaces (specify explicit source address for that). # # WARNING: The service accepts all requests, unless you use # SOCKS5User and make authentication mandatory. SOCKS5User # can be used repeatedly for a whole bunch of individual accounts. # #SOCKS5Proxy 8010 #SOCKS5User dave:password # Use -M first to detect the best NTLM settings for your proxy. # Default is to use the only secure hash, NTLMv2, but it is not # as available as the older stuff. # # This example is the most universal setup known to man, but it # uses the weakest hash ever. I won't have it usage on my # conscience. :) Really, try -M first. # #Auth LM #Flags 0x06820000 # Enable to allow access from other computers # #Gateway yes # Useful in Gateway mode to allow/restrict certain IPs # Specifiy individual IPs or subnets one rule per line. # #Allow 127.0.0.1 #Deny 0/0 # GFI WebMonitor-handling plugin parameters, disabled by default # #ISAScannerSize 1024 #ISAScannerAgent Wget/ #ISAScannerAgent APT-HTTP/ #ISAScannerAgent Yum/ # Headers which should be replaced if present in the request # #Header User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98) # Tunnels mapping local port to a machine behind the proxy. # The format is <local_port>:<remote_host>:<remote_port> # #Tunnel 11443:remote.com:443 

When I try to verify CNTLM using sudo cntlm -v -I -M http://google.com , I get the following:

 Reading PROXY auth response... HEAD: HTTP/1.1 407 Proxy Authorization Required . . . HEAD: HTTP/1.1 407 Proxy Authorization Required Credentials rejected 

I am sure my credentials are correct as maven can load dependencies from HTTP urls.

About a month ago, my company changed its SSL certificates for the HTTPS proxy, and since then I get this error.

Reference!