Hi David,
Thanks for your reply.
I checked that blog; however the solution described there seems to
belong to other problem:
<snip>
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
[This happens] when trying to open an SSL connection to a host using
JSSE. What this usually means is that the server is using a test
certificate (possibly generated using keytool) rather than a certificate
from a well known commercial Certification Authority such as Verisign or
GoDaddy. Web browsers display warning dialogs in this case, but since
JSSE cannot assume an interactive user is present it just throws an
exception by default.
</snip>
Because I am somewhat desperate, I have tested that program. It seems to
do what the standard keytool does... I copied the generated jssecacert
file into my ${jre.home}/lib/security directory and hoped for the
best... But it didn't happen :-( I checked that the file was read using
a file monitor, and it was read.
It seems that the solution could only be provided by applications (
http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#ciphersuitechoice).
In this case, Maven should provide the option to override the default
host name checking algorithm with a do-nothing one.
Adrian.
David Williams wrote:
Sorry it was late when I replied. = ) Here's the link
http://blogs.sun.com/andreas/entry/no_more_unable_to_find
On 10/11/07, Adrian Herscu <[EMAIL PROTECTED]> wrote:
Yeah... Where is the link :-)?
I tried to play with the keytool program. I have imported the SSL
certificate into my key store; this creates a file named .keystore in
C:\Documents and Settings\me. I tried to run Maven and DAVExplorer;
their behavior did not change :-(
Now the weird things:
1. I have monitored the file access to the .keystore file. When I am
running keytool -list the .keystore file is accessed (seems like my file
monitoring program works). When I am running Maven or DAVExplorer, the
.keystore file is not accessed at all!
2. Maven is able to upload files to my WebDAV server! If I am building
all my modules locally, then I can run mvn deploy and the files are
uploaded!!!
Adrian.
Tim Kettler wrote:
Where's the link :-)?
David Williams schrieb:
Adrian,
This link may help you. This java program allows you to manually
accept the
cert and place the generated file in your JDK or JRE. Then the java
keeps
it as an accept cert. I have not tried this with Maven but it worked
with
another application where the cert didn't match the server name. Down
side
is that it would have to be on every user's machine.
Thanks,
David
On 10/10/07, Adrian Herscu <[EMAIL PROTECTED]> wrote:
Hi all,
I am hosting my project sources and binaries with some external
provider. He cannot set up an SSL certificate for my domain name...
Meanwhile, the only alternative is accept those SSL warnings about
domain name mismatch. I am getting them in my browser and also in my
SVN
client.
Now I am trying to set up Maven to build and deploy my project to this
provider. The problem is that I am getting these messages from Maven:
<snip>
[WARNING] repository metadata for: 'snapshot
org.wirexn.build.extensions:wirexn-
build-extensions:1.0-alpha-4-SNAPSHOT' could not be retrieved from
repository: s
[EMAIL PROTECTED] due to an error: Error transferring file
[INFO] Repository '[EMAIL PROTECTED]' will be blacklisted
</snip>
...and the artifacts cannot be resolved (of course).
I tried to see if this is a JRE specific problem. Downloaded a
Java-based WebDAV client (DAVExplorer), and it fails to connect with
this error message:
javax.net.ssl.SSLException: Name in certificate "his.domain.name" does
not match host name " my.domain.name"
Anyone knows about a hidden switch/option/configuration file to make
the
JRE accept the SSL connection even if the host name doesn't match to
that on the certificate?
Please help,
Adrian.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
