{"id":8650,"date":"2022-03-03T23:21:11","date_gmt":"2022-03-04T04:21:11","guid":{"rendered":"https:\/\/www.rushworth.us\/lisa\/?p=8650"},"modified":"2022-03-04T12:00:03","modified_gmt":"2022-03-04T17:00:03","slug":"maven-build-certificate-error","status":"publish","type":"post","link":"https:\/\/www.rushworth.us\/lisa\/?p=8650","title":{"rendered":"Maven Build Certificate Error"},"content":{"rendered":"

Attempting to build some Java code, I got a lot<\/em> of errors indicating a trusted certificate chain was not available:<\/p>\n

Could not transfer artifact \r\norg.springframework.boot:spring-boot-starter-parent:pom:2.2.0.RELEASE \r\nfrom\/to repo.spring.io (<redacted>): sun.security.validator.ValidatorException: \r\nPKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: \r\nunable to find valid certification path to requested target<\/pre>\n
And<\/p>\n
[ERROR] Failed to execute goal on project errorhandler: \r\nCould not resolve dependencies for project com.example.npm:errorhandler:jar:0.0.1-SNAPSHOT: \r\nThe following artifacts could not be resolved: \r\norg.springframework.boot:spring-boot-starter-data-jpa:jar:2.3.7.BUILD-SNAPSHOT, \r\norg.springframework.boot:spring-boot:jar:2.3.7.BUILD-SNAPSHOT, \r\norg.springframework.boot:spring-boot-configuration-processor:jar:2.3.7.BUILD-SNAPSHOT: \r\nCould not transfer artifact org.springframework.boot:spring-boot-starter-data-jpa:jar:2.3.7.BUILD-20201211.052207-37 \r\nfrom\/to spring-snapshots (https:\/\/repo.spring.io\/snapshot): \r\ntransfer failed for https:\/\/repo.spring.io\/snapshot\/org\/springframework\/boot\/spring-boot-starter-data-jpa\/2.3.7.BUILD-SNAPSHOT\/spring-boot-starter-data-jpa-2.3.7.BUILD-20201211.052207-37.jar: \r\nCertificate for <repo.spring.io> doesn't match any of the subject alternative names: [] -> [Help 1]<\/pre>\n
Ideally, you could just add whatever cert(s) needed to be trusted into the cacerts file for the Java instance using keytool (.\\keytool.exe -import -alias digicert-intermed -cacerts -file c:\\tmp\\digi-int.cer) however<\/em> the work computers are locked down such that I am unable to import certs into the Java trust store. The second error makes me think it wouldn’t work anyway — if there’s no matching SAN on the cert, trusting the cert wouldn’t do anything.<\/p>\n
Fortunately, there are a few flags you can add to mvn to ignore certificate errors — thus allowing the build to complete without requiring access to the cacerts file. There is, of course, a possibility that the trust failure is because your connection is being redirected maliciously … but I see enough other<\/em> people getting trust failures for this spring-boot stuff (and visiting the site doesn’t show anything suspect) that I’m happy to bypass the security validation this once and just be done with the build \ud83d\ude42<\/p>\n
mvn package -DskipTests -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true -Dmaven.wagon.http.ssl.ignore.validity.dates=true jib:build<\/pre>\n","protected":false},"excerpt":{"rendered":"
Attempting to build some Java code, I got a lot of errors indicating a trusted certificate chain was not available: Could not transfer artifact org.springframework.boot:spring-boot-starter-parent:pom:2.2.0.RELEASE from\/to repo.spring.io (<redacted>): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target And [ERROR] Failed to execute goal on project errorhandler: Could not resolve …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[1539,578,943,1540,236,1538],"class_list":["post-8650","post","type-post","status-publish","format-standard","hentry","category-coding","tag-cacerts","tag-java","tag-maven","tag-mvn","tag-ssl","tag-truststore"],"_links":{"self":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/8650","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8650"}],"version-history":[{"count":5,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/8650\/revisions"}],"predecessor-version":[{"id":8655,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/8650\/revisions\/8655"}],"wp:attachment":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8650"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8650"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8650"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}