-
Improvement
-
Resolution: Unresolved
-
Major
-
None
-
Ubuntu 10.04, Tomcat6, Sun Java 6
Our maven repository uses an SSL certificate that must be placed within the Java keystore for things to work properly. I used keytool to do this for the host machines Sun Java 6 installation and Hudson was able to work perfectly. However, when I tried to do a maven release, using the Maven release plugin (and the Hudson maven release plugin) I was receiving SSL errors even when trying to simply download artifacts:
[INFO] Downloading: https://intranet.mycorp.com/nexus/content/groups/public/org/apache/maven/doxia/doxia-sink-api/1.0/doxia-sink-api-1.0.pom
[INFO] [WARNING] Unable to get resource 'org.apache.maven.doxia:doxia-sink-api:pom:1.0' from repository MyCorp (https://intranet.mycorp.com/nexus/content/groups/public): Error transferring file: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I got around the problem by using keytool to add cacert.pem to the keystore of the Java sdk installation I found under $HUDSON_HOME/tools. The result of this is that any time I add another JDK installation I need to remember to do this or Maven releases will fail.
Perhaps Hudson could provide a configuration UI wherein a certificate could be uploaded and Hudson ensures that all installed JDK's are configured to trust that SSL certificate.