java Maven 错误,PKIX 路径构建失败:无法找到到请求目标的有效认证路径
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/45612814/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Maven error, PKIX path building failed: unable to find valid certification path to requested target
提问by Swagat
There are two remote servers are presents. Supposed we named them as a A and B. My java code is committed and up to date on GIT repository. I pulled the code on both server A and B. When I use mvn clean package install on server A, its working properly and build get successfully completed. But When I use mvn clean package install for server B its giving me following error with build failure massage.
有两个远程服务器存在。假设我们将它们命名为 A 和 B。我的 java 代码已提交并且在 GIT 存储库中是最新的。我在服务器 A 和 B 上提取了代码。当我在服务器 A 上使用 mvn clean package install 时,它工作正常并且构建成功完成。但是当我为服务器 B 使用 mvn clean package install 时,它给了我以下错误和构建失败消息。
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] oagi-srt ........................................... SUCCESS [ 0.292 s]
[INFO] oagi-srt-common .................................... SUCCESS [ 1.959 s]
[INFO] oagi-srt-repository ................................ SUCCESS [ 2.357 s]
[INFO] oagi-srt-service ................................... SUCCESS [ 2.064 s]
[INFO] oagi-srt-import .................................... SUCCESS [ 3.064 s]
[INFO] oagi-srt-webapp .................................... FAILURE [ 21.398 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 31.539 s
[INFO] Finished at: 2017-08-10T11:50:10+00:00
[INFO] Final Memory: 44M/303M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal on project srt-webapp: Could not resolve dependencies for project org.oagi:srt-webapp:war:1.0.0: Failed to collect dependencies at org.joinfaces:jsf-spring-boot-starter:jar:2.2.7 -> org.primefaces.extensions:all-themes:jar:1.0.8 -> org.primefaces.themes:afterdark:jar:1.0.8: Failed to read artifact descriptor for org.primefaces.themes:afterdark:jar:1.0.8: Could not transfer artifact org.primefaces.themes:themes-project:pom:1.0.8 from/to prime-repo-new (http://repository.primefaces.org): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <goals> -rf :srt-webapp
Note:-If i directly place project war filein tomcat and restart the server, my application is working properly as I expected on both server.
注意:-如果我直接将项目war 文件放入 tomcat 并重新启动服务器,则我的应用程序在两台服务器上都按预期正常工作。
采纳答案by Luís Henrique Rocha
It seems your B server does not have the certificates to access the repository, try to compare the environment certificates between servers A and B.
您的 B 服务器似乎没有访问存储库的证书,请尝试比较服务器 A 和 B 之间的环境证书。
Also check this question: How do I find out what keystore my JVM is using?
还要检查这个问题:如何找出我的 JVM 正在使用的密钥库?
回答by Justin
My company IT policies blocked maven repo https because the certificate expired date is short. Importing certificate is painful. So I used this way to fix it:
我公司的 IT 策略阻止了 maven repo https,因为证书过期日期很短。导入证书很痛苦。所以我用这种方法来修复它:
- change to latest maven (verified on version 3.6.3)
- add those parameters
- 更改为最新的 maven(已在 3.6.3 版上验证)
- 添加这些参数
mvn clean package -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true
回答by Eric Wang
If you are using a repository other than apache maven repository, try to use httpinstead of httpsin the url.
如果您使用的是 apache maven 存储库以外的存储库,请尝试在 url 中使用http而不是https。
回答by Joey587
I know the thread is old. Perhaps this is for the other users who might stumble upon this to find an answer
我知道线程是旧的。也许这是为了其他可能偶然发现这个问题的用户找到答案
EM-Creations is right. The use of httpwill result in the default redirection to https. I've searched through several stackoverflow questions and other sites and the right answer would be to somehow make maven trust the certifcate of the repository/url/site that we wanted to work with
EM-Creations 是对的。的使用http将导致默认重定向到https. 我已经搜索了几个 stackoverflow 问题和其他站点,正确的答案是以某种方式让 maven 信任我们想要使用的存储库/url/站点的证书
For that first we need to import the (root) certificate of that part site. Please follow this link https://www.comodo.com/support/products/authentication_certs/setup/mac_chrome.php
为此,我们首先需要导入该部分站点的(根)证书。请点击此链接 https://www.comodo.com/support/products/authentication_certs/setup/mac_chrome.php
Now maven by default uses the java keystore trusted certificates and by default the trusted certificates are at {JAVA_HOME}/jre/lib.security/cacerts. So the next step is to add our downloaded certificate to the cacerts. For this you can use either the openssl or keytool commands. I prefer keytool personally and here is a sample one
现在 maven 默认使用 java 密钥库可信证书,默认情况下可信证书位于{JAVA_HOME}/jre/lib.security/cacerts. 所以下一步是将我们下载的证书添加到 cacerts。为此,您可以使用 openssl 或 keytool 命令。我个人更喜欢 keytool,这是一个示例
keytool
-import
-storepass <STOREPASS_PASSWORD>
-noprompt
-alias < unique certificate alias for Keystore>
-keystore <JRE_HOME>/lib/security/cacerts
-trustcacerts
-file <certificate file>
for mac users the default execution will result in a permission denied error. So you can use sudoto make it executable and writable
对于 mac 用户,默认执行将导致权限被拒绝错误。所以你可以用sudo它来使它可执行和可写
