Sonatype Nexus上传失败,证书为nexus.xyz.corp并不匹配证书主题的通用名称:wiki.xyz.corp

时间:2016-05-23 14:45:36

标签: ssl gradle certificate nexus

尝试使用Gradle将文件上传到Nexus时出现以下错误:

证书不符合证书主题的通用名称:wiki.xyz.corp

详细说明:

C:\data\Workspaces\httpstest>gradlew uploadArchives
:compileJava UP-TO-DATE
:processResources UP-TO-DATE
:classes UP-TO-DATE
:jar SKIPPED
:uploadArchives
Could not transfer artifact com.xyz:httpstest:jar:1.0.0 from/to remo
te (https://nexus.xyz.corp/nexus/content/repositories/1st-rel/): Cer
tificate for <nexus.xyz.corp> doesn't match common name of the certi
ficate subject: wiki.xyz.corp
Could not transfer artifact com.xyz:httpstest:pom:1.0.0 from/to remo
te (https://nexus.xyz.corp/nexus/content/repositories/1st-rel/): Cer
tificate for <nexus.xyz.corp> doesn't match common name of the certi
ficate subject: wiki.xyz.corp
:uploadArchives FAILED
FAILURE: Build failed with an exception.
* What went wrong:
Execution failed for task ':uploadArchives'.
> Could not publish configuration 'archives'
   > Failed to deploy artifacts: Could not transfer artifact com.xyz
:httpstest:jar:1.0.0 from/to remote (https://nexus.xyz.corp/nexus/co
ntent/repositories/1st-rel/): Certificate for <nexus.xyz.corp> doesn
't match common name of the certificate subject: wiki.xyz.corp
* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug
option to get more log output.
BUILD FAILED
Total time: 5.511 secs

通过HTTPS下载工作正常,但上传却没有。 nexus.xyz.corp的证书具有正确的通用名称,而不是错误消息所暗示的wiki.xyz.corp。 但是,wiki.xyz.corp是在同一服务器上运行的不同站点。

这里的问题是什么?

1 个答案:

答案 0 :(得分:0)

当使用SNI共享不同的域(wiki.xyz.corp和nexus.xyz.corp)时会发生这种情况。 它至少出现在Gradle 2.5 - Gradle 2.13版本中。原因是Gradle在不支持SNI的版本中使用Maven Wagon Library。在这种情况下,Web服务器返回默认证书。看来,wiki.xyz.corp被定义为默认证书。

Gradle DiscussionGradle Issues中讨论了这一点。

可能的解决方法:

  • 将nexus.xyz.corp定义为默认证书,但要注意其他网站上的问题
  • 将Maven Wagon替换为Maven Publish,但目前处于测试阶段。请参阅Maven Publish.
  • 尝试配置没有SNI的系统
  • 以禁用主机检查的方式启动Gradle(这是安全漏洞!):

gradlew -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true uploadArchives