CODEWITHSUNDEEP
javasecuritymavenssl
Joe
Joe

Reputation: 8042

How do you get Maven to accept invalid SSL certificates?

My company keeps the Maven dependencies on a server that has an invalid SSL certificate. We must use https to connect. When I try to run Maven, it cannot download the resources.

I know the name of the site I am trying to go to. I'd be happy to either add a security exception for the site, or just shut off all the validation of ssl certificates so that all https sites will be considered valid.

I am using Maven 3.0.4.

Here are some highlights of the stack trace when I try to build:

Caused by: org.sonatype.aether.transfer.ArtifactTransferException: Could not transfer artifact
org.apache.maven:maven-plugin-api:pom:2.0.6 from/to NexusExternal (<code>https</code>:
//mydumbcompanysbrokensite:8443/nexus/content/groups/public): 
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification
path to requested target

...

Caused by: org.apache.maven.wagon.TransferFailedException: 
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification 
path to requested target

Upvotes: 5

Views: 17915

Answers (1)

lolo101
lolo101

Reputation: 439

You can simply disable Maven SSL validation by adding these options to the command line :

-Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true

Upvotes: 7

Related Questions