Symptoms
The Status of one or more of your proxy repositories that have a remote URL starting with https is:
In service - Remote Automatically Blocked and Unavailable.
The repository was automatically blocked by Nexus Repository because the error indicates:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Summary
This means the trust store that Nexus Repository is using cannot validate the SSL certificates of those remote http URLs.
Normally this does not happen, but examples of when it can happen are:
- An http proxy server is rewriting the remote certificates to new ones which are not trusted by Nexus Repository
Please review the specific article for a solution to this scenario.
- Nexus Repository is using an outdated JRE version with old root certificates
- Nexus Repository is configured with system properties which override the default truststore with an empty one
- The remote URL of the proxy repository is serving a self-signed certificate
Solution
First, make sure you are using the latest JDK version supported so that your root certificates are up to date.
You can explicitly examine and trust the remote certificate by
- From Nexus UI, go to
Server Administration -> Repository -> Repositories. Select the repository with the problem. - Under the "Use the Nexus Repository truststore" section, Click on the "View certificate" button triggers the display of the remote SSL certificate details in a dialog. Examine it closely. If you want to trust the cert, click on "Add certificate to truststore" button. Also ensure "Use the Nexus Repository truststore" checkbox is checked.
Further details are documented in Outbound SSL - Trusting SSL Certificates of Remote Repositories.