Hi David,

Thanks for your reply.
I checked that blog; however the solution described there seems to belong to other problem:

<snip>
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target [This happens] when trying to open an SSL connection to a host using JSSE. What this usually means is that the server is using a test certificate (possibly generated using keytool) rather than a certificate from a well known commercial Certification Authority such as Verisign or GoDaddy. Web browsers display warning dialogs in this case, but since JSSE cannot assume an interactive user is present it just throws an exception by default.
</snip>

Because I am somewhat desperate, I have tested that program. It seems to do what the standard keytool does... I copied the generated jssecacert file into my ${jre.home}/lib/security directory and hoped for the best... But it didn't happen :-( I checked that the file was read using a file monitor, and it was read.

It seems that the solution could only be provided by applications (
http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#ciphersuitechoice).
In this case, Maven should provide the option to override the default host name checking algorithm with a do-nothing one.

Adrian.

David Williams wrote:
Sorry it was late when I replied. = )  Here's the link
http://blogs.sun.com/andreas/entry/no_more_unable_to_find

On 10/11/07, Adrian Herscu <[EMAIL PROTECTED]> wrote:
Yeah... Where is the link :-)?

I tried to play with the keytool program. I have imported the SSL
certificate into my key store; this creates a file named .keystore in
C:\Documents and Settings\me. I tried to run Maven and DAVExplorer;
their behavior did not change :-(

Now the weird things:

1. I have monitored the file access to the .keystore file. When I am
running keytool -list the .keystore file is accessed (seems like my file
monitoring program works). When I am running Maven or DAVExplorer, the
.keystore file is not accessed at all!
2. Maven is able to upload files to my WebDAV server! If I am building
all my modules locally, then I can run mvn deploy and the files are
uploaded!!!

Adrian.

Tim Kettler wrote:
Where's the link :-)?

David Williams schrieb:
Adrian,

This link may help you.  This java program allows you to manually
accept the
cert and place the generated file in your JDK or JRE.  Then the java
keeps
it as an accept cert.  I have not tried this with Maven but it worked
with
another application where the cert didn't match the server name.  Down
side
is that it would have to be on every user's machine.

Thanks,

David

On 10/10/07, Adrian Herscu <[EMAIL PROTECTED]> wrote:
Hi all,

I am hosting my project sources and binaries with some external
provider. He cannot set up an SSL certificate for my domain name...
Meanwhile, the only alternative is accept those SSL warnings about
domain name mismatch. I am getting them in my browser and also in my
SVN
client.
Now I am trying to set up Maven to build and deploy my project to this
provider. The problem is that I am getting these messages from Maven:

<snip>
[WARNING] repository metadata for: 'snapshot
org.wirexn.build.extensions:wirexn-
build-extensions:1.0-alpha-4-SNAPSHOT' could not be retrieved from
repository: s
[EMAIL PROTECTED] due to an error: Error transferring file
[INFO] Repository '[EMAIL PROTECTED]' will be blacklisted
</snip>

...and the artifacts cannot be resolved (of course).

I tried to see if this is a JRE specific problem. Downloaded a
Java-based WebDAV client (DAVExplorer), and it fails to connect with
this error message:

javax.net.ssl.SSLException: Name in certificate "his.domain.name" does
not match host name " my.domain.name"

Anyone knows about a hidden switch/option/configuration file to make
the
JRE accept the SSL connection even if the host name doesn't match to
that on the certificate?

Please help,
Adrian.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to