So this happens when you are behind a proxy and we need the proxy server certificate to be added to the java truststore

因此，当您在代理后面并且我们需要将代理服务器证书添加到 java 信任库时，就会发生这种情况

cp $JAVA_HOME/jre/lib/security/cacerts <some accessible dir>/
# Get the certificate of the proxy server and store it in a file-proxy.pem
keytool -keystore cacerts -import -file proxy.pem -alias my_proxy
# Now we can invoke sbt with following config
sbt  "-Djavax.net.ssl.trustStore=/path/to/included/proxycert/cacerts" compile

If I recall correctly, SBT indirectly uses an old version of apache commons httpclient (3.1) which doesn't respect the java system properties for specifying truststores by default.

如果我没记错的话，SBT 间接使用旧版本的 apache commons httpclient (3.1)，它不尊重默认情况下指定信任库的 java 系统属性。

I can think of three potential solutions:

我可以想到三种可能的解决方案：

1. Use a proxy repository like artifactoryso SBT can only has to connect to the proxy and the proxy can take care of https outwards via the corporate proxy.

2. Install the corporate issuing certificate into the default truststore for the JVM (usually %JDK_HOME%/jre/lib/security/cacerts). You would have to do this each time you run a new JRE.

3. Try using coursier. It's a plugin for SBT which provides a different way of fetching dependencies that does not go through apache httpclient. It uses an http library which I think should respect the java system properties for truststore. It's also much faster.

1. 使用像artifactory这样的代理存储库，这样 SBT 只需连接到代理，代理就可以通过公司代理向外处理 https。

2. 将公司颁发的证书安装到 JVM 的默认信任库中（通常为%JDK_HOME%/jre/lib/security/cacerts）。每次运行新的 JRE 时都必须这样做。

3. 尝试使用cousier。它是 SBT 的一个插件，它提供了一种不同的方式来获取不通过 apache httpclient 的依赖项。它使用一个 http 库，我认为它应该尊重 truststore 的 java 系统属性。它也快得多。

This solved the problem:

这解决了这个问题：

Add -Djavax.net.ssl.trustStore="C:\Program Files\Java\jre1.8.0_121\lib\security\cacerts" to the sbt config file (sbtconfig).

将 -Djavax.net.ssl.trustStore="C:\Program Files\Java\jre1.8.0_121\lib\security\cacerts" 添加到 sbt 配置文件 (sbtconfig)。

If using IntelliJ Idea, click on "SBT Settings" -> JVM Options -> VM Parameters and add the same line.

如果使用 IntelliJ Idea，请单击“SBT 设置”-> JVM 选项-> VM 参数并添加相同的行。

The path is the path to the cacerts file that resides on the JDK path -> lib -> security.

该路径是驻留在 JDK 路径 -> lib -> security 上的 cacerts 文件的路径。

It is necessary to import the proxy certificate with the keystore tool, as described in: SSL certificate problem in a web service proxy

需要使用keystore工具导入代理证书，如：web service proxy中的SSL证书问题

This error can also happen if you use an outdated Java version. I've got this error using Java version 1.8.0_45-b14. Updating to Java version 11.0.2+7 (2018-10-16) solved it for me.

如果您使用过时的 Java 版本，也会发生此错误。我在使用 Java 版本 1.8.0_45-b14 时遇到了这个错误。更新到 Java 版本 11.0.2+7 (2018-10-16) 为我解决了这个问题。

Just for reference, the full error message I got was:

仅供参考，我收到的完整错误消息是：

[error] typesafe-ivy-releases: unable to get resource for com.geirsson#sbt-scalafmt;1.6.0-RC4: res=https://repo.typesafe.com/typesafe/ivy-releases/com.geirsson/sbt-scalafmt/1.6.0-RC4/jars/sbt-scalafmt.jar: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

[错误] typesafe-ivy-releases：无法获得 com.geirsson#sbt-scalafmt 的资源；1.6.0-RC4：res= https://repo.typesafe.com/typesafe/ivy-releases/com.geirsson/ sbt-scalafmt/1.6.0-RC4/jars/sbt-scalafmt.jar：javax.net.ssl.SSLHandshakeException：sun.security.validator.ValidatorException：PKIX路径构建失败：sun.security.provider.certpath.SunCertPathBuilderException：无法找到请求目标的有效认证路径

Switching to the newer Java version solved it instantly.

切换到较新的 Java 版本立即解决了它。

On MacOS, I solved it by running the sbtcommand with sudo.

在 MacOS 上，我通过sbt使用sudo.