Sonatype Nexus - unable to find valid certification path to requested target

Question

I am using a local Sonaty Nexus where I am proxying a couple of external Maven repositories. Up to now the proxied only http repositories but for some artifacts I had to introduce Camunda. Using the Nexus remote content browser I can browse its content but the Nexus doesn't download its index. More than that, in the nexus log appear the following errors:

2014-01-08 11:44:27 WARN  [xy-3-thread-218] - org.sonatype.nexus.proxy.maven.maven2.M2Repository - Remote peer of proxy repository "Camunda Secure" [id=camunda.secure] threw a org.sonatype.nexus.proxy.RemoteStorageException exception. Connection/transport problems occured while connecting to remote peer of the repository. - Cause(s): Transport error while executing GET method [repositoryId="camunda.secure", requestPath="/", remoteUrl="https://app.camunda.com/nexus/content/groups/public/"] > sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target > PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target > unable to find valid certification path to requested target
2014-01-08 11:44:44 ERROR [tp13549765-1372] - org.sonatype.nexus.proxy.maven.maven2.M2Repository - Got RemoteStorageException in proxy repository "Camunda Secure" [id=camunda.secure] while retrievingremote artifact "ResourceStoreRequest(requestPath="/.meta/repository-metadata.xml")" from URL https://app.camunda.com/nexus/content/groups/public/, this is 1 (re)try, cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2014-01-08 11:44:44 ERROR [tp13549765-1372] - org.sonatype.nexus.proxy.maven.maven2.M2Repository - Got RemoteStorageException in proxy repository "Camunda Secure" [id=camunda.secure] while retrievingremote artifact "ResourceStoreRequest(requestPath="/.meta/repository-metadata.xml")" from URL https://app.camunda.com/nexus/content/groups/public/, this is 2 (re)try, cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2014-01-08 11:44:44 ERROR [tp13549765-1372] - org.sonatype.nexus.proxy.maven.maven2.M2Repository - Got RemoteStorageException in proxy repository "Camunda Secure" [id=camunda.secure] while retrievingremote artifact "ResourceStoreRequest(requestPath="/.meta/repository-metadata.xml")" from URL https://app.camunda.com/nexus/content/groups/public/, this is 3 (re)try, cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2014-01-08 11:44:44 WARN  [tp13549765-1372] - org.sonatype.nexus.proxy.maven.maven2.M2Repository - Remote peer of proxy repository "Camunda Secure" [id=camunda.secure] threw a org.sonatype.nexus.proxy.RemoteStorageException exception. Connection/transport problems occured while connecting to remote peer of the repository. - Cause(s): Transport error while executing GET method [repositoryId="camunda.secure", requestPath="/.meta/repository-metadata.xml", remoteUrl="https://app.camunda.com/nexus/content/groups/public/.meta/repository-metadata.xml"] > sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target > PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target > unable to find valid certification path to requested target

What should I do to be able to download its index and to reference those artifacts in my Maven project?

SK

Answer 1

Maybe this discussion about SSL certificates could help you to get it working. If you keep having trouble with the certificates, the camunda Maven repositories can also be accessed without SSL encryption using: http://app-unsecure.camunda.com/nexus/content/groups/public/

Answer 2

Bottom line here:-

Your maven is not able to find the certificate for the server it is trying to connect say foo.domain.com in the keystore .

Steps to solving

1) Identify the keystore your maven is using -This is very important . Because you may keep adding certificate to the keystore but not to the one maven looks for

Tips here :-

a) If no specific configuration is involved it should look the default JDK keystore - caccerts in the JAVA_HOME

b)if you have configured the .mavnerc under /Users/username/ , This will override the default settings. So make sure you look here to know where it points

2) Download the certificate and import to the correct keystore using keytool command

keytool -import -alias alias_name -file certificate_name -keystore keystorelocation

Answer 3

You need to import the corresponding SSL certificate into your keystore.

Download the certificate on linux:

openssl s_client -showcerts -connect app.camunda.com:443 </dev/null 2>/dev/null|openssl x509 -outform PEM > mycertfile.pem

Import the certificate into your java keystore. See https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html how to do it.

Answer 4

Download the certificate from Nexus Browser (click on the lock-pad for View Site Information in case of Microsoft Edge)
Click on Connection is secure
Click on the certificate details
Click on Copy To file (it opens up export certificate wizard)
Choose Base-64 encoding
Browse and select a download location and file-name (let’s say mycert)
Open cmd
Goto the download location and execute the below command
keytool -import -alias mycert -keystore  "<<your-JAVA_HOME-directory>>\jre\lib\security\cacerts" -file mycert.cer
Restart the machine
Execute maven build again.

Answer 5

Look at admin security, maybe you haven't cert there. Admin Nexus Panel.