Visit my.sonatype.com for documentation on Nexus Repository version 2.
Symptoms
The Status of one or more of your repositories that have a remote URL starting with https is:
In service - Remote Automatically Blocked and Unavailable.
The repository was automatically blocked by Nexus Repository 2 because the error indicates:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Summary
This means the trust store that Nexus Repository 2 is using cannot validate the SSL certificates of those remote http URLs.
Normally this does not happen, but examples of when it can happen are:
- an http proxy server is rewriting the remote certificates to new ones which are not trusted by Nexus Repository 2
Please review the specific article for a solution to this scenario.
- Nexus Repository 2 is using an outdated JRE version with old root certificates
- Nexus Repository 2 is configured with system properties which override the default truststore with an empty one
- the remote URL of the proxy repository is serving a self-signed certificate
Solution
First, make sure you are using the latest JDK version supported so that your root certificates are up to date.
You can explicitly examine and trust the remote certificate by
- Go to Views/Repositories -> Repositories. Select the repository with the problem.
- Selecting the SSL configuration tab of the repository. The SSL tab shows the remote certificate. Examine it closely. If you want to trust the cert, check "Use Nexus SSL trust store" and the "Add to Trust Store" button.