maven无法找到所请求目标的有效认证路径" - letsencrypt ssl certificate

时间:2017-04-22 11:37:57

标签: apache maven ssl lets-encrypt

我最近切换到我的maven repo的letsencrypt证书(Apache代理背后的Artifactory)。通过浏览器进行回访访问工作正常,证明证书没有问题(截图如下)。

如果我import the certificate manually into the java keystore,它也有效。

但根据这个问题,Java should accept letsencrypt certificates starting with 8u101

我总是得到这个例外:

sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target -> [Help 1]

enter image description here

enter image description here 

C:\myproject>mvn -version
Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5; 2015-11-10T17:41:47+01:00)
Maven home: C:\maven
Java version: 1.8.0_112, vendor: Oracle Corporation
Java home: C:\jdk1.8_win64\jre
Default locale: en_US, platform encoding: Cp1252
OS name: "windows 10", version: "10.0", arch: "amd64", family: "dos"

1 个答案:

答案 0 :(得分:2)

终于弄明白了,3个月后......

maven artifactory存储库前面的apache服务器未配置为在链中提供中间证书。

我下载了中间证书 - Let’s Encrypt Authority X3 (IdenTrust cross-signed) - 并配置了apache来提供服务。

实际上,domain.crt文件包含域和中间证书,并且对于我的所有测试浏览器来说总是足够好。但是那台机器上的eclipse / maven设置无法处理它。

我只是在SSL Labs check 告诉我证书链不完整(即使没有浏览器似乎在乎)之后才开始查看apache配置。

在:

  SSLEngine On
  SSLCertificateFile "path/to/domain.crt"
  SSLCertificateKeyFile "path/to/domain.key"

后:

  SSLEngine On
  SSLCertificateFile "path/to/domain.crt"
  SSLCertificateKeyFile "path/to/domain.key"
  SSLCertificateChainFile "path/to/letsencrypt-authority-x3-identrust.pem"
相关问题
最新问题