Maven is unable to connect to Nexus Repository 2 after configuring to use SSL.

Visit for documentation on Nexus Repository version 2.

Symptom: After configuring Nexus Repository 2 to serve SSL, maven builds fail with "peer not authenticated" or "PKIX path building failed".

This is usually caused by using a self-signed SSL certificate on Nexus Repository 2. Java does not consider these to be valid certificates, and will not allow connecting to servers running them by default.

You have a few choices here to fix this:

1. Add the public certificate of the Nexus server to the trust store of the Java-running Maven
2. Get the certificate on Nexus Repository 2 signed by a root certificate authority such as Verisign
3. Tell Maven to accept the certificate even though it isn't signed

For option 1 you can use the keytool command and follow the steps in the below article.

Explicitly Trusting a Self-Signed or Private Certificate in a Java-Based Client

For option 3, invoke Maven with "-Dmaven.wagon.http.ssl.insecure=true". If the hostname configured in the certificate doesn't match the hostname Nexus Repository 2 is running on you may also need to add "-Dmaven.wagon.http.ssl.allowall=true".

Note: These additional parameters are initialized in static initializers, so they have to be passed in via the MAVEN_OPTS environment variable.  Passing them on the command line to Maven will not work.

See here for more information:


Have more questions? Submit a request


Article is closed for comments.