Reputation: 7188
m2e with ssl certificate-based authentication
TL;DR
How to make Eclipse's built-in Maven connect to an HTTPS repository that uses certificate-based authentication?
It seems that m2e is able to find the keystores, but unable to connect. Command-line Maven works like a charm using exactly the same keystores. Run as -> Maven build works with external Maven and not with the embedded one.
Problem
I have a Maven project with a dependency. That dependency is available in a repository that uses SSL certificate-based authentication in addition to regular username-password combination. I need to make it work in Eclipse Luna, with the built-in Maven. All I am able to get is handshake_failure. Investigation of the logs shows that the built-in Maven is unable to find a matching certificate.
When I use Run as -> Maven build with an external Maven, or command-line Maven, it successfully connects to the repository and fetches the artifact exactly as needed.
The interesting thing is, both external and embedded Mavens have the same version (3.2.3).
Setup
I pass these parameters through eclipse.ini:
-Djavax.net.ssl.trustStore=java.cacerts
-Djavax.net.ssl.trustStorePassword=******
-Djavax.net.ssl.keyStore=private.cacerts
-Djavax.net.ssl.keyStorePassword=******
-Djavax.net.debug=ssl,handshake
The trustStore file contains:
- the whole certificate chain for the repository I connect to (the chain ends with a self-signed certificate), one of them being stored under the alias
repository.location.url(literal repository location here, e.g. myrepository.com) - certificate for maven central
The keyStore file contains an imported PKCS certificate under an alias of the repository.
There seems to be no problem at all with the setup, as the command-line Maven works. If I use external Maven or command-line one, it works. If I swich to embedded one (which is always used for resolving dependencies), handshake error shows up.
What am I doing wrong? I might be missing something completely obvious. Any help would be appreciated.
Upvotes: 12
Views: 19496
Answers (4)
Reputation: 195
I managed to fix it by setting external maven in eclipse. Eclipse->Window->Preferences->Maven->Installations->Add
Upvotes: 0
Reputation: 51
Options that didn't work for me
- Installing certificate to java > jre > lib > security > cacerts
- Providing cacerts in java run configuration vm arguments
- Updating eclipse to latest versions like mars or neon
- Updating maven plugin for eclipse to 1.7.0
Steps that resolved the issue for me
- Download certificate file & add in eclipse at Preferences > Remote Systems > SSL > Add
- Clear .m2 > repository folder of all existing files
- Open eclipse, right-click on project and Select Maven > Update Project. Choose Force Update of Snapshots/Releases
updated on 9/19/2017
- If nothing else works, Installing the certificate to Java on your machine @ java > jre > lib > security > cacerts can help
Upvotes: 5
Reputation: 56
I had exactly the same problem: Eclipse could not connect to external maven repository using embedded maven installation in case the repository requires a client SSL certificate.
The problem was solved by upgrading to latest jvm (in my case - 1.8.0u52) and upgrading Eclipse m2e plugin to version 1.6.1 (with Eclipse version 4.4.0).
Upvotes: 4
Reputation: 11
In your run configurations select your maven build and then select the JRE tab at the top of the dialog. Put your SSL parameters into the VM arguments text-area.
that's what fixed it for me.
Upvotes: 1
Related Questions
- Java and SSL certificates
- Force m2e to use http instead of https
- How do you get Maven to accept invalid SSL certificates?
- Java EE Certificate-Based Mutual Authentication
- Java SSL Certificate
- encrypt maven passwords within eclipse using m2e
- SSL authentication in Java as Server/client model
- Client side ssl in J2me?
- Java certificate based authentication
- J2ME intermediate certificates