Visit my.sonatype.com for documentation on Nexus Repository version 2.
Symptom: After configuring Nexus Repository 2 to serve SSL, maven builds fail with "peer not authenticated" or "PKIX path building failed".
This is usually caused by using a self-signed SSL certificate on Nexus Repository 2. Java does not consider these to be valid certificates, and will not allow connecting to servers running them by default.
You have a few choices here to fix this:
1. Add the public certificate of the Nexus server to the trust store of the Java-running Maven
2. Get the certificate on Nexus Repository 2 signed by a root certificate authority such as Verisign
3. Tell Maven to accept the certificate even though it isn't signed
For option 1 you can use the keytool command and follow the steps in the below article.
Explicitly Trusting a Self-Signed or Private Certificate in a Java-Based Client
For option 3, invoke Maven with "-Dmaven.wagon.http.ssl.insecure=true". If the hostname configured in the certificate doesn't match the hostname Nexus Repository 2 is running on you may also need to add "-Dmaven.wagon.http.ssl.allowall=true".
Note: These additional parameters are initialized in static initializers, so they have to be passed in via the MAVEN_OPTS environment variable. Passing them on the command line to Maven will not work.
See here for more information:
http://maven.apache.org/wagon/wagon-providers/wagon-http/
0 Comments