Reputation: 1604
Gradle build fails due to sun.security.validator.ValidatorException despite installing certificates
I'm trying to run lenskit-hello according to their instructions. When I run ./gradlew build, I receive the error
(base) Briennas-MBP:lenskit-hello-master briennakh$ ./gradlew build
:compileJava
FAILURE: Build failed with an exception.
* What went wrong:
Could not resolve all dependencies for configuration ':compileClasspath'.
> Could not resolve org.lenskit:lenskit-all:3.0-M3.
Required by:
:lenskit-hello-master 4.50.57 AM:unspecified
> Could not resolve org.lenskit:lenskit-all:3.0-M3.
> Could not get resource 'https://repo1.maven.org/maven2/org/lenskit/lenskit-all/3.0-M3/lenskit-all-3.0-M3.pom'.
> Could not GET 'https://repo1.maven.org/maven2/org/lenskit/lenskit-all/3.0-M3/lenskit-all-3.0-M3.pom'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> Could not resolve org.lenskit:lenskit-all:3.0-M3.
> Could not get resource 'https://jcenter.bintray.com/org/lenskit/lenskit-all/3.0-M3/lenskit-all-3.0-M3.pom'.
> Could not GET 'https://jcenter.bintray.com/org/lenskit/lenskit-all/3.0-M3/lenskit-all-3.0-M3.pom'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output.
BUILD FAILED
Total time: 4.009 secs
I am using Java 1.8.0_241 (and only that one is installed) on MacOS Mojave 10.14.6. I've installed the most recent security updates, then restarted my computer. I have attempted this on my regular wifi and on my phone's hotspot.
I followed instructions in the accepted answer here, downloading the security certificates from both https://repo1.maven.org/maven2/org/lenskit/lenskit-all/3.0-M2/lenskit-all-3.0-M2.pom and https://oss.sonatype.org/content/repositories/snapshots/org/lenskit/lenskit-all/3.0-M2/lenskit-all-3.0-M2.pom and adding them to the keystore via the following command (only showing one of two):
keytool -import -alias maven -file /Users/briennakh/Downloads/maven.cer -keystore
/Library/Java/JavaVirtualMachines/jdk1.8.0_241.jdk/Contents/Home/jre/lib/security/cacerts
Then if I check
keytool -list -keystore /Library/Java/JavaVirtualMachines/jdk1.8.0_241.jdk/Contents/Home/jre/lib/security/cacerts | grep maven
it shows that my certificate has been added, maven, Mar 17, 2020, trustedCertEntry, yet I'm still getting the same error when running ./gradlew build?
I also checked openssl x509 -in /Users/briennakh/Downloads/maven.pem -text to make sure that the certificate looks all right.
Upvotes: 19
Views: 47076
Answers (4)
Reputation: 937
My solution: if you use a VPN client, close it. E.g: Zscaller.
More info :
If your company runs something like ZScaler, which intercepts SSL traffic and presents its own certificate, you may also run into this issue.
There’s a couple of approaches to solve this. One, add those CA certs to your Java cacerts. Or, if your sysadmins have already added those certs to your system’s root certificates, then you can tell gradle/java to trust the root certs. Gradle apparently does this from 8.3, but there is a workaround for earlier versions: https://github.com/gradle/gradle/pull/25106 159
I have this in my ~/.gradle/gradle.properties on my mac:
systemProp.javax.net.ssl.trustStore=/dev/null
systemProp.javax.net.ssl.trustStoreType=KeychainStore
systemProp.java.security.KeyStore=KeychainStore
Here’s the same thing for Windows:
systemProp.javax.net.ssl.trustStore=NUL
systemProp.javax.net.ssl.trustStoreType=Windows-ROOT
https://discuss.gradle.org/t/unable-to-build-a-java-project-due-to-certificates/46993
Upvotes: 9
Reputation: 341
Was found this method on site(https://discuss.gradle.org/t/unable-to-build-a-java-project-due-to-certificates/46993) and it solved my problem without append any certs to java and other manipulations. But maybe this is not safe!
~/.gradle/gradle.properties (MAC)
systemProp.javax.net.ssl.trustStore=/dev/null
systemProp.javax.net.ssl.trustStoreType=KeychainStore
systemProp.java.security.KeyStore=KeychainStore
(Windows)
systemProp.javax.net.ssl.trustStore=NUL
systemProp.javax.net.ssl.trustStoreType=Windows-ROOT
ps. I've my own gradle.properties file with proxy settings (username, pass, proxyport ...)
Upvotes: 23
Reputation: 3574
Setting my project Gradle JDK version to that used by JAVA_HOME solved it
Upvotes: 3
Reputation: 76619
That SSL certificate is not self-signed to begin with, therefore it does not require manual adding. Try re-installing Java or set an alternate install location as $JAVA_HOME, with a default cacerts file. Something seems to be broken, as it should not reject the certificate for repo1.maven.org. ls -la $JAVA_HOME/jre/lib/security/cacerts says cacerts should have about 114757 bytes. If you're behind a firewall, you might need to configure a proxy for Gradle.
This should attempt an SSL session (not through Java):
$ openssl s_client -connect repo1.maven.org:443
This project also uses a rather outdated version of Gradle, eg:
distributionUrl=https\://services.gradle.org/distributions/gradle-5.6.4-all.zip
Upvotes: 9
Related Questions
- Java does not trusting any SSL Certificate on Windows
- How to resolve repository certificate error in Gradle build
- Unable to skip ssl verification with gradle command but able to do so in maven
- How to configure Gradle to bypass SSL certificate validation?
- How to bypass SSL verification for Gradle 4.5?
- how to resolve SunCertPathBuilderException error for android studio
- sun.security.validator.ValidatorException: SunCertPathBuilderException -while importing certificate
- Analyse ssl error with gradle (-Djavax.net.debug=ssl seems not to be respected)
- Gradle: No trusted certificate found
- ./gradlew fails with NoSuchAlgorithmException