Java 在代理后面使用 Maven 和 SSL 的问题
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/25911623/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Problems using Maven and SSL behind proxy
提问by Andy
I just downloaded Maven and was trying to run the simple command found on the "Maven in Five Minutes" page (http://maven.apache.org/guides/getting-started/maven-in-five-minutes.html). This is the command:
我刚刚下载了 Maven 并试图运行在“五分钟内的 Maven”页面(http://maven.apache.org/guides/getting-started/maven-in-five-minutes.html)上找到的简单命令。这是命令:
mvn archetype:generate -DgroupId=com.mycompany.app -DartifactId=my-app -DarchetypeArtifactId=maven-archetype-quickstart -DinteractiveMode=false
When I run it I get an error with SSL certificate and cannot download from the central Maven repository at https://repo.maven.apache.org/maven2. The error is "SunCertPathBuilderException: unable to find valid certification path to requested target".
当我运行它时,我收到 SSL 证书错误,并且无法从https://repo.maven.apache.org/maven2的中央 Maven 存储库下载。错误是“SunCertPathBuilderException:无法找到到请求目标的有效证书路径”。
I am sitting behind a corporate firewall and have correctly configured the proxy settings for both httpand httpsaccess via the settings.xmlfile. I doubt that everyone who downloads Maven and runs it for the first time has to import the SSL certificate of the Maven repository, so the problem must be with the proxy. Does anyone have any experience with this?
我坐在公司防火墙后面,并正确配置了代理设置http和https通过settings.xml文件访问。我怀疑每个下载Maven并第一次运行它的人都必须导入Maven存储库的SSL证书,所以问题一定出在代理上。有人对这个有经验么?
Here's the stack trace in full debug mode (-X):
这是完全调试模式 (-X) 下的堆栈跟踪:
mvn archetype:generate -DgroupId=com.mycompany.app -DartifactId=my-app -DarchetypeArtifactId=maven-archetype-quickstart -DinteractiveMode=false
Apache Maven 3.2.3 (33f8c3e1027c3ddde99d3cdebad2656a31e8fdf4; 2014-08-11T22:58:10+02:00)
Maven home: C:\Projects\maven\bin\..
Java version: 1.7.0_45, vendor: Oracle Corporation
Java home: C:\Program Files\Java\jdk1.7.0_45\jre
Default locale: it_IT, platform encoding: Cp1252
OS name: "windows 7", version: "6.1", arch: "amd64", family: "windows"
[DEBUG] Using connector WagonRepositoryConnector with priority 0.0 for https://repo.maven.apache.org/maven2 via *****:8080 with username=*****, password=***
Downloading: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.pom
[WARNING] Failed to retrieve plugin descriptor for org.apache.maven.plugins:maven-clean-plugin:2.5: Plugin org.apache.maven.plugins:maven-clean-plugin:2.5 or one of its dependencies could not be resolved: Failed to read artifact descriptor for org.apache.maven.plugins:maven-clean-plugin:jar:2.5
org.apache.maven.plugin.PluginResolutionException: Plugin org.apache.maven.plugins:maven-clean-plugin:2.5 or one of its dependencies could not be resolved: Failed to read artifact descriptor for org.apache.maven.plugins:maven-clean-plugin:jar:2.5
at org.apache.maven.plugin.internal.DefaultPluginDependenciesResolver.resolve(DefaultPluginDependenciesResolver.java:122)
at org.apache.maven.plugin.internal.DefaultMavenPluginManager.getPluginDescriptor(DefaultMavenPluginManager.java:148)
at org.apache.maven.plugin.DefaultBuildPluginManager.loadPlugin(DefaultBuildPluginManager.java:81)
at org.apache.maven.plugin.prefix.internal.DefaultPluginPrefixResolver.resolveFromProject(DefaultPluginPrefixResolver.java:138)
at org.apache.maven.plugin.prefix.internal.DefaultPluginPrefixResolver.resolveFromProject(DefaultPluginPrefixResolver.java:121)
at org.apache.maven.plugin.prefix.internal.DefaultPluginPrefixResolver.resolve(DefaultPluginPrefixResolver.java:85)
at org.apache.maven.lifecycle.internal.MojoDescriptorCreator.findPluginForPrefix(MojoDescriptorCreator.java:260)
at org.apache.maven.lifecycle.internal.MojoDescriptorCreator.getMojoDescriptor(MojoDescriptorCreator.java:220)
at org.apache.maven.lifecycle.internal.DefaultLifecycleTaskSegmentCalculator.calculateTaskSegments(DefaultLifecycleTaskSegmentCalculator.java:103)
at org.apache.maven.lifecycle.internal.DefaultLifecycleTaskSegmentCalculator.calculateTaskSegments(DefaultLifecycleTaskSegmentCalculator.java:83)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:85)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:347)
at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:154)
at org.apache.maven.cli.MavenCli.execute(MavenCli.java:582)
at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:214)
at org.apache.maven.cli.MavenCli.main(MavenCli.java:158)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356)
Caused by: org.eclipse.aether.resolution.ArtifactDescriptorException: Failed to read artifact descriptor for org.apache.maven.plugins:maven-clean-plugin:jar:2.5
at org.apache.maven.repository.internal.DefaultArtifactDescriptorReader.loadPom(DefaultArtifactDescriptorReader.java:349)
at org.apache.maven.repository.internal.DefaultArtifactDescriptorReader.readArtifactDescriptor(DefaultArtifactDescriptorReader.java:231)
at org.eclipse.aether.internal.impl.DefaultRepositorySystem.readArtifactDescriptor(DefaultRepositorySystem.java:288)
at org.apache.maven.plugin.internal.DefaultPluginDependenciesResolver.resolve(DefaultPluginDependenciesResolver.java:108)
... 23 more
Caused by: org.eclipse.aether.resolution.ArtifactResolutionException: Could not transfer artifact org.apache.maven.plugins:maven-clean-plugin:pom:2.5 from/to central (https://repo.maven.apache.org/maven2): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolve(DefaultArtifactResolver.java:459)
at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolveArtifacts(DefaultArtifactResolver.java:262)
at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolveArtifact(DefaultArtifactResolver.java:239)
at org.apache.maven.repository.internal.DefaultArtifactDescriptorReader.loadPom(DefaultArtifactDescriptorReader.java:334)
... 26 more
Caused by: org.eclipse.aether.transfer.ArtifactTransferException: Could not transfer artifact org.apache.maven.plugins:maven-clean-plugin:pom:2.5 from/to central (https://repo.maven.apache.org/maven2): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.eclipse.aether.connector.wagon.WagonRepositoryConnector.wrap(WagonRepositoryConnector.java:1016)
at org.eclipse.aether.connector.wagon.WagonRepositoryConnector.wrap(WagonRepositoryConnector.java:1004)
at org.eclipse.aether.connector.wagon.WagonRepositoryConnector$GetTask.run(WagonRepositoryConnector.java:725)
at org.eclipse.aether.util.concurrency.RunnableErrorForwarder.run(RunnableErrorForwarder.java:67)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
Caused by: org.apache.maven.wagon.TransferFailedException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.apache.maven.wagon.providers.http.AbstractHttpClientWagon.fillInputData(AbstractHttpClientWagon.java:935)
at org.apache.maven.wagon.StreamWagon.getInputStream(StreamWagon.java:116)
at org.apache.maven.wagon.StreamWagon.getIfNewer(StreamWagon.java:88)
at org.apache.maven.wagon.StreamWagon.get(StreamWagon.java:61)
at org.eclipse.aether.connector.wagon.WagonRepositoryConnector$GetTask.run(WagonRepositoryConnector.java:660)
... 4 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
at org.apache.maven.wagon.providers.http.httpclient.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:280)
at org.apache.maven.wagon.providers.http.httpclient.impl.conn.HttpClientConnectionOperator.upgrade(HttpClientConnectionOperator.java:167)
at org.apache.maven.wagon.providers.http.httpclient.impl.conn.PoolingHttpClientConnectionManager.upgrade(PoolingHttpClientConnectionManager.java:329)
at org.apache.maven.wagon.providers.http.httpclient.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:392)
at org.apache.maven.wagon.providers.http.httpclient.impl.execchain.MainClientExec.execute(MainClientExec.java:218)
at org.apache.maven.wagon.providers.http.httpclient.impl.execchain.ProtocolExec.execute(ProtocolExec.java:194)
at org.apache.maven.wagon.providers.http.httpclient.impl.execchain.RetryExec.execute(RetryExec.java:85)
at org.apache.maven.wagon.providers.http.httpclient.impl.execchain.RedirectExec.execute(RedirectExec.java:108)
at org.apache.maven.wagon.providers.http.httpclient.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:186)
at org.apache.maven.wagon.providers.http.httpclient.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at org.apache.maven.wagon.providers.http.AbstractHttpClientWagon.execute(AbstractHttpClientWagon.java:756)
at org.apache.maven.wagon.providers.http.AbstractHttpClientWagon.fillInputData(AbstractHttpClientWagon.java:854)
... 8 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
... 27 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
... 33 more
采纳答案by biology.info
The fact is that your maven plugin try to connect to an https remote repository
(e.g https://repo.maven.apache.org/maven2/)
事实是您的 maven 插件尝试连接到 https 远程存储库
(例如https://repo.maven.apache.org/maven2/)
This is a new SSL connectivity for Maven Central was made available in august, 2014 !
这是 Maven Central 的新 SSL 连接,已于 2014 年 8 月推出!
So please, can you verify that your settings.xml has the correct configuration.
所以请你验证一下你的 settings.xml 是否有正确的配置。
<settings>
<activeProfiles>
<!--make the profile active all the time -->
<activeProfile>securecentral</activeProfile>
</activeProfiles>
<profiles>
<profile>
<id>securecentral</id>
<!--Override the repository (and pluginRepository) "central" from the
Maven Super POM -->
<repositories>
<repository>
<id>central</id>
<url>http://repo1.maven.org/maven2</url>
<releases>
<enabled>true</enabled>
</releases>
</repository>
</repositories>
<pluginRepositories>
<pluginRepository>
<id>central</id>
<url>http://repo1.maven.org/maven2</url>
<releases>
<enabled>true</enabled>
</releases>
</pluginRepository>
</pluginRepositories>
</profile>
</profiles>
</settings>
You can alternatively use the simple http maven repository like this
您也可以像这样使用简单的 http maven 存储库
<pluginRepositories>
<pluginRepository>
<id>central</id>
<name>Maven Plugin Repository</name>
<url>http://repo1.maven.org/maven2</url>
<layout>default</layout>
<snapshots>
<enabled>false</enabled>
</snapshots>
<releases>
<updatePolicy>never</updatePolicy>
</releases>
</pluginRepository>
</pluginRepositories>
Please let me know if my solution works ;)
请让我知道我的解决方案是否有效;)
J.
J。
回答by Andy
The answer above is a good working solution, but here's how to do it if you want to use the SSL repo:
上面的答案是一个很好的工作解决方案,但如果您想使用 SSL 存储库,这里是如何做到的:
- Use a browser (I used IE) to go to https://repo.maven.apache.org/
- Click on lock icon and choose "View Certificate"
- Go to the "Details" tab and choose "Save to File"
- Choose type "Base 64 X.509 (.CER)" and save it somewhere
Now open a command prompt and type (use your own paths):
keytool -import -file C:\temp\mavenCert.cer -keystore C:\temp\mavenKeystoreNow you can run the command again with the parameter
-Djavax.net.ssl.trustStore=C:\temp\mavenKeystoreUnder linux use absolute path
-Djavax.net.ssl.trustStore=/tmp/mavenKeystoreotherwise thiswill happen
Like this:
mvn archetype:generate -DgroupId=com.mycompany.app -DartifactId=my-app -DarchetypeArtifactId=maven-archetype-quickstart -DinteractiveMode=false -Djavax.net.ssl.trustStore=C:\temp\mavenKeystore
- 使用浏览器(我使用 IE)访问https://repo.maven.apache.org/
- 单击锁定图标并选择“查看证书”
- 转到“详细信息”选项卡并选择“保存到文件”
- 选择类型“Base 64 X.509 (.CER)”并将其保存在某处
现在打开命令提示符并键入(使用您自己的路径):
keytool -import -file C:\temp\mavenCert.cer -keystore C:\temp\mavenKeystore现在您可以使用参数再次运行命令
-Djavax.net.ssl.trustStore=C:\temp\mavenKeystorelinux下使用绝对路径
-Djavax.net.ssl.trustStore=/tmp/mavenKeystore否则这会发生
像这样:
mvn archetype:generate -DgroupId=com.mycompany.app -DartifactId=my-app -DarchetypeArtifactId=maven-archetype-quickstart -DinteractiveMode=false -Djavax.net.ssl.trustStore=C:\temp\mavenKeystore
Optional:
可选的:
You can use the MAVEN_OPTSenvironment variable so you don't have to worry about it again. See more info on the MAVEN_OPTSvariable here:
您可以使用MAVEN_OPTS环境变量,这样您就不必再担心了。在此处查看有关MAVEN_OPTS变量的更多信息:
回答by Senthil
This may not be the best solution. I changed my maven from 3.3.x to 3.2.x. And this issue gone.
这可能不是最好的解决方案。我将我的 Maven 从 3.3.x 更改为 3.2.x。而这个问题就没了。
回答by Luke
Update
更新
I just stumbled on this bug report:
我只是偶然发现了这个错误报告:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1396760
https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1396760
It appears to be the cause of our problems here. Something with ca-certificates-java encountering an error and not fully populating cacerts. For me, this started happening after I upgraded to 15.10 and this bug probably occurred during that process.
这似乎是我们这里问题的原因。ca-certificates-java 遇到错误并且没有完全填充 cacerts。对我来说,这在我升级到 15.10 后开始发生,这个错误可能发生在这个过程中。
The workaround is to execute the following command:
解决方法是执行以下命令:
sudo /var/lib/dpkg/info/ca-certificates-java.postinst configure
须藤/var/lib/dpkg/info/ca-certificates-java.postinst 配置
If you check the contents of the keystore (as in my original answer), you'll now see a whole bunch more, including the needed DigiCert Global Root CA.
如果您检查密钥库的内容(如我的原始答案),您现在会看到更多内容,包括所需的 DigiCert Global Root CA。
If you went through the process in my original answer, you can clean up the key we added by running this command (assuming you did not specify a different alias):
如果您在我的原始答案中完成了该过程,则可以通过运行此命令来清除我们添加的密钥(假设您没有指定不同的别名):
sudo keytool -delete -alias mykey -keystore /etc/ssl/certs/java/cacerts
sudo keytool -delete -alias mykey -keystore /etc/ssl/certs/java/cacerts
Maven will now work fine.
Maven 现在可以正常工作了。
Original Answer
原答案
I'd just like to expand on Andy's answer about adding the certificate and specifying a keystore. That got me started, and combined with information elsewhere I was able to understand the problem and find another (better?) solution.
我只想扩展安迪关于添加证书和指定密钥库的答案。这让我开始了,结合其他地方的信息,我能够理解问题并找到另一个(更好的?)解决方案。
Andy's answer specifies a new keystore with the Maven cert specifically. Here, I'm going a bit more broad and adding the root certificate to the default java truststore. This allows me to use mvn (and other java stuff) without specifying a keystore.
Andy 的回答专门指定了一个带有 Maven 证书的新密钥库。在这里,我将更广泛地将根证书添加到默认的 Java 信任库中。这允许我在不指定密钥库的情况下使用 mvn(和其他 java 东西)。
For reference my OS is Ubuntu 15.10 with Maven 3.3.3.
作为参考,我的操作系统是带有 Maven 3.3.3 的 Ubuntu 15.10。
Basically, the default java truststore in this setup does not trust the root certificate of the Maven repo (DigiCert Global Root CA), so it needs to be added.
基本上,此设置中的默认 java truststore 不信任 Maven repo 的根证书(DigiCert Global Root CA),因此需要添加它。
I found it here and downloaded:
我在这里找到并下载了:
https://www.digicert.com/digicert-root-certificates.htm
https://www.digicert.com/digicert-root-certificates.htm
Then I found the default truststore location, which resides here:
然后我找到了默认的信任库位置,它位于这里:
/etc/ssl/certs/java/cacerts
/etc/ssl/certs/java/cacerts
You can see what certs are currently in there by running this command:
您可以通过运行以下命令查看当前有哪些证书:
keytool -list -keystore /etc/ssl/certs/java/cacerts
keytool -list -keystore /etc/ssl/certs/java/cacerts
When prompted, the default keystore password is "changeit" (but nobody ever does).
出现提示时,默认的密钥库密码是“changeit”(但从来没有人这样做过)。
In my setup, the fingerprint of "DigiCert Global Root CA" did not exist (DigiCert calls it "thumbprint" in the link above). So here's how to add it:
在我的设置中,“DigiCert Global Root CA”的指纹不存在(DigiCert 在上面的链接中将其称为“指纹”)。所以这里是如何添加它:
sudo keytool -import -file DigiCertGlobalRootCA.crt -keystore /etc/ssl/certs/java/cacerts
须藤 keytool -import -file DigiCertGlobalRootCA.crt -keystore /etc/ssl/certs/java/cacerts
This should prompt if you trust the cert, say yes.
如果您信任证书,这应该会提示,请说是。
Use keytool -list again to verify that the key exists. I didn't bother to specify an alias (-alias), so it ended up like this:
再次使用 keytool -list 来验证密钥是否存在。我没有费心指定别名(-alias),所以结果是这样的:
mykey, Dec 2, 2015, trustedCertEntry, Certificate fingerprint (SHA1): A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36
mykey,2015 年 12 月 2 日,trustedCertEntry,证书指纹 (SHA1):A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C :54:36
Then I was able to run mvn commands as normal, no need to specify keystore.
然后我就可以正常运行 mvn 命令了,不需要指定密钥库。
回答by Gene M
I was getting the same error about the SSL certificate when Maven tried to download the necessary modules automatically.
As a remedy, I was attempting to implement Luke's answer above, but found that the DigiCert Global Root CA certificate is already in Java's trusted keystore.
What helped me was adding %JAVA_HOME%\binto the Path variable (I am running Windows). And %JAVA_HOME%is a JDK location, not just a JRE location, since Maven needs a JDK.
I am not certain why it helped, but it did. I am absolutely sure that this was the only thing I changed.
当 Maven 尝试自动下载必要的模块时,我遇到了关于 SSL 证书的相同错误。
作为补救措施,我试图实施上述 Luke 的回答,但发现 DigiCert Global Root CA 证书已经在 Java 的受信任密钥库中。
帮助我的是添加%JAVA_HOME%\bin到 Path 变量(我正在运行 Windows)。而且%JAVA_HOME%是一个 JDK 位置,而不仅仅是一个 JRE 位置,因为 Maven 需要一个 JDK。
我不确定为什么它有帮助,但确实有帮助。我绝对确定这是我唯一改变的地方。
回答by halim
I actually had the same problem.
我实际上遇到了同样的问题。
when I run
当我跑
mvn clean package
mvn 清洁包
on my maven project, I get this certificate error by the maven tool.
在我的 Maven 项目中,我通过 Maven 工具收到此证书错误。
I followed @Andy 's Answer till the point where I downloaded the .cerfile
我一直跟着@Andy 的回答直到我下载了.cer文件
after that the rest of the answer didn't work for me but I did the following(I am running on Linux Debian machine)
之后,其余的答案对我不起作用,但我做了以下操作(我在 Linux Debian 机器上运行)
first of all, run:
首先,运行:
keytool -list -keystore "Java path+"/jre/lib/security/cacerts""
keytool -list -keystore "Java 路径+"/jre/lib/security/cacerts""
for example in my case it is:
例如在我的情况下是:
keytool -list -keystore /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/security/cacerts
keytool -list -keystore /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/security/cacerts
if it asks about the password, just hit enter.
如果它询问密码,只需按回车键。
this command is supposed to list all the ssl certificates accepted by the java. when I ran this command, in my case I got 93 certificates for example.
此命令应该列出 java 接受的所有 ssl 证书。例如,当我运行此命令时,我获得了 93 个证书。
Now add the downloaded file .certo the cacertsfile by running the following command:
现在通过运行以下命令将下载的文件.cer添加到cacerts文件中:
sudo keytool -importcert -file /home/hal/Public/certificate_file_downloaded.cer -keystore /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/security/cacerts
sudo keytool -importcert -file /home/hal/Public/certificate_file_downloaded.cer -keystore /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/security/cacerts
write your sudo password then it will ask you about the keystore password
写下您的 sudo 密码,然后它会询问您有关密钥库密码的信息
the default one is changeit
默认的一个是changeit
then say ythat you trust this certificate.
然后说y你信任这个证书。
if you run the command
如果你运行命令
keytool -list -keystore /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/security/cacerts
keytool -list -keystore /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/security/cacerts
once again, in my case, I got 94 contents of the cacertsfile
再一次,就我而言,我得到了cacerts文件的94 个内容
it means, it was added successfully.
这意味着,它已成功添加。
回答by alex.b
If this issue happens for the HTTPSrepository, f.e. https://repo.spring.io/milestoneyou can just try to replace with non secured: http://repo.spring.io/milestone. And that's it
如果HTTPS存储库发生此问题,则可以尝试将https://repo.spring.io/milestone替换为非安全:http: //repo.spring.io/milestone。就是这样
回答by Balaji Boggaram Ramanarayan
You can import the SSL cert manually and just add it to the keystore.
您可以手动导入 SSL 证书并将其添加到密钥库中。
For linux users,
对于 linux 用户,
Syntax:
句法:
keytool -trustcacerts -keystore /jre/lib/security/cacerts -storepass changeit -importcert -alias nexus -file
keytool -trustcacerts -keystore /jre/lib/security/cacerts -storepass changeit -importcert -alias nexus -file
Example :
例子 :
keytool -trustcacerts -keystore /Library/Java/JavaVirtualMachines/jdk1.8.0_144.jdk/Contents/Home/jre/lib/security/cacerts -storepass changeit -importcert -alias nexus -file ~/Downloads/abc.com-ssl.crt
keytool -trustcacerts -keystore /Library/Java/JavaVirtualMachines/jdk1.8.0_144.jdk/Contents/Home/jre/lib/security/cacerts -storepass changeit -importcert -alias nexus -file ~/Downloads/abc.com-ssl。资源管理器
回答by apocalysque
I ran into this problem in the same situation, and I wrote up a detailed answerto a related question on stack overflow explaining how to more easily modify the system's cacerts using a GUI tool. I think it's a little bit better than using a one-off keystore for a specific project or modifying the settings for maven (which may cause trouble down the road).
我在同样的情况下遇到了这个问题,我写了一个关于堆栈溢出的相关问题的详细答案,解释了如何使用 GUI 工具更轻松地修改系统的 cacerts。我认为这比对特定项目使用一次性密钥库或修改 maven 的设置要好一点(这可能会导致麻烦)。
回答by vks
Step 1:GET the contents of the Certificate of the website( you want to have it imported as a trusted root)
步骤1:获取网站证书的内容(您希望将其作为受信任的根导入)
$ keytool -printcert -rfc -sslserver maven.2xoffice.com*
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIHJ73QrVnyJjANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCVVMxEDAO
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMxITAfBgNVBAoT
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMY
...
-----END CERTIFICATE-----
The -rfc option outputs the certificate chain in PEM-encoded format for easy import back into a keystore.
Step 2:Save the whole thing (including the BEGIN CERTIFICATE and END CERTIFICATE lines, which are significant in this case) as godaddyg2.pem and imported it into my trust store via:
第 2 步:将整个内容(包括 BEGIN CERTIFICATE 和 END CERTIFICATE 行,在本例中很重要)保存为 Godaddyg2.pem 并通过以下方式将其导入我的信任存储:
Step 3:Import the certificate in the keystore( java trusted key store)
第三步:在keystore(java可信密钥库)中导入证书
$ keytool -importcert -file ./godaddyg2.pem -keystore $JRE_LIB/lib/security/cacerts
