Hello, I am trying to get Maven (3.2.2) to work with an instance of Archiva hosted behind a webserver secured with client-side SSL certificates.
I have followed the guide at https://maven.apache.org/guides/mini/guide-repository-ssl.html, and imported the server-side SSL certificate into a Java .jks file. The client-side certificate is a PKCS12 file, which works correctly in Firefox and Chromium. I have a simple project that depends on an artifact hosted on my Archiva server. When client-side SSL verification is disabled on the server, `mvn clean install` works as expected, and the dependency is downloaded. But it doesn't work when I activate client-side SSL verification, and try the following command: mvn clean install -Djavax.net.debug=ssl -Djavax.net.ssl.trustStore=PATH_TO_TRUSTDB.jks -Djavax.net.ssl.trustStorePassword=**************** -Djavax.net.ssl.keyStore=PATH_TO_MY_CERT.p12 -Djavax.net.ssl.keyStoreType=pkcs12 -Djavax.net.ssl.keyStorePassword=**************** >From what I can see in the output, my .p12 file is read by Maven at the start, as is the trust-store, but it fails to complete requests to the Archiva server, although TLS handshaking appears to work, so the server-side certificate is trusted and accepted. The server throws the "400: No required SSL certificate was sent" error message you get when trying to talk to it without a client-side SSL certificate installed. In the server log I am indeed seeing HTTP GET requests from Maven without any client-side SSL certificate, whereas GETs by a browser do show access with the valid certificate there. Any idea why Maven isn't using the client-side SSL certificate passed via -Djavax.net.ssl.keyStoreType? Is there some configuration option I am overlooking? Kind regards, Jeroen Hoek Lable --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@maven.apache.org For additional commands, e-mail: users-h...@maven.apache.org
