Reputation: 3824
How to tell Maven to disregard SSL errors (and trusting all certs)?
I frequently need to run "mvn" command :
mvn -f pom.xml clean install -Dmaven.test.skip=false --settings /Users/myhome/settings.xml -X -Djavax.net.ssl.trustStore=/Users/myhome/truststore.jks -Djavax.net.ssl.trustStoreType=JKS -Djavax.net.ssl.trustStorePassword=dummy -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol -U
As I need to integrate with various other domains, so currently every time I have to add their certificate to my truststore.jks to prevent SSL handshake errors.
Is there any way I can configure mvn to ignore SSL errors.
Upvotes: 192
Views: 411941
Answers (9)
Reputation: 11
-Dmaven.wagon.http.ssl.insecure=true - enable use of relaxed SSL check for user generated certificates.
Upvotes: 0
Reputation: 10895
You can disable SSL certificate checking by adding one or more of these command line parameters:
-Dmaven.wagon.http.ssl.insecure=true- enable use of relaxed SSL check for user generated certificates.-Dmaven.wagon.http.ssl.allowall=true- enable match of the server's X.509 certificate with hostname. If disabled, a browser like check will be used.-Dmaven.wagon.http.ssl.ignore.validity.dates=true- ignore issues with certificate dates.-Dmaven.resolver.transport=wagon- In Maven 3.9.0 and newer, they've switched to using Apache HttpClient 4 by default. You need to use this to switch back towagonfor the above flags to work.
Official documentation: http://maven.apache.org/wagon/wagon-providers/wagon-http/
Here's the oneliner for an easy copy-and-paste:
-Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true -Dmaven.wagon.http.ssl.ignore.validity.dates=true
Ajay Gautam suggested that you could also add the above to the ~/.mavenrc file as not to have to specify it every time at command line:
$ cat ~/.mavenrc
MAVEN_OPTS="-Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true -Dmaven.wagon.http.ssl.ignore.validity.dates=true"
Upvotes: 416
Reputation: 181
Refer to https://maven.apache.org/resolver/configuration.html, just set aether.connector.https.securityMode=insecure. It works for me with Maven 3.9.4.
Upvotes: 18
Reputation: 422
If for any reason maven.config should not work:
Try set the content as a environment variable.
Example:
MAVEN_OPTS="-Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true Dmaven.wagon.http.ssl.ignore.validity.dates=true -Dhttps.protocols=TLSv1.2"
After setting the environment variable, you can simply run your mvn command.
For a short test you can set the environment variable for a session
Powershell:
$env:MAVEN_OPTS="-Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true -Dmaven.wagon.http.ssl.ignore.validity.dates=true -Dhttps.protocols=TLSv1.2"
Bash:
export MAVEN_OPTS="-Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true -Dmaven.wagon.http.ssl.ignore.validity.dates=true -Dhttps.protocols=TLSv1.2"
CMD:
set MAVEN_OPTS="-Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true -Dmaven.wagon.http.ssl.ignore.validity.dates=true -Dhttps.protocols=TLSv1.2"
Upvotes: 4
Reputation: 21478
If you want to put all the same maven.wagon.http.ssl. settings into ~/.m2/settings.xml instead of ~/.mavenrc, this is what you need to put in the file:
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">
<profiles>
<profile>
<id>definedInM2SettingsXML</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<properties>
<maven.wagon.http.ssl.insecure>true</maven.wagon.http.ssl.insecure>
<maven.wagon.http.ssl.allowall>true</maven.wagon.http.ssl.allowall>
<maven.wagon.http.ssl.ignore.validity.dates>true</maven.wagon.http.ssl.ignore.validity.dates>
</properties>
</profile>
</profiles>
</settings>
Upvotes: 0
Reputation: 799
I found that the latest jdk16 will fail SSL certificates so I have to use the
-Dmaven.wagon.http.ssl.ignore.validity.dates=true to work around; switching to jdk11(LTS) then all problems are gone.
Also jdk1.8 was tested too, which also worked without any parameters; but jdk1.8 is in in no-update mode, better move on to the LTS jdk versions, but not the latest jdk16.
Upvotes: 1
Reputation: 11327
Create a folder ${USER_HOME}/.mvn
and put a file called maven.config in it.
The content should be:
-Dmaven.wagon.http.ssl.insecure=true
-Dmaven.wagon.http.ssl.allowall=true
-Dmaven.wagon.http.ssl.ignore.validity.dates=true
Hope this helps.
Upvotes: 51
Reputation: 2247
An alternative that worked for me is to tell Maven to use http: instead of https: when using Maven Central by adding the following to settings.xml:
<settings>
.
.
.
<mirrors>
<mirror>
<id>central-no-ssl</id>
<name>Central without ssl</name>
<url>http://repo.maven.apache.org/maven2</url>
<mirrorOf>central</mirrorOf>
</mirror>
</mirrors>
.
.
.
</settings>
Your mileage may vary of course.
Upvotes: 50
Reputation: 1818
You can also configure m2e to use HTTP instead of HTTPS
force-m2e-to-use-http-instead-of-https
Upvotes: -1
Related Questions
- What is the correct way of forcing maven to use HTTPS for maven central?
- Maven Error: (repeated) java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
- Maven release plugin SSL problems
- How to configure Maven to use HTTPS when connecting to repo.maven.apache.org
- maven is "unable to find valid certification path to requested target" - letsencrypt ssl certificate
- Ignore SSL certificate works with Maven 3 but fails for Maven 2 with SSL Socket Factory Exception
- How do you get Maven to accept invalid SSL certificates?
- Use a secure maven repository over https
- forcing jetty (running on maven) to ignore ssl error
- Access a Maven repository located in https