Our maven repository uses an SSL certificate that must be placed within the Java keystore for things to work properly. I used keytool to do this for the host machines Sun Java 6 installation and Hudson was able to work perfectly. However, when I tried to do a maven release, using the Maven release plugin (and the Hudson maven release plugin) I was receiving SSL errors even when trying to simply download artifacts:

[INFO] Downloading: https://intranet.mycorp.com/nexus/content/groups/public/org/apache/maven/doxia/doxia-sink-api/1.0/doxia-sink-api-1.0.pom
[INFO] [WARNING] Unable to get resource 'org.apache.maven.doxia:doxia-sink-api:pom:1.0' from repository MyCorp (https://intranet.mycorp.com/nexus/content/groups/public): Error transferring file: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I got around the problem by using keytool to add cacert.pem to the keystore of the Java sdk installation I found under $HUDSON_HOME/tools. The result of this is that any time I add another JDK installation I need to remember to do this or Maven releases will fail.

Perhaps Hudson could provide a configuration UI wherein a certificate could be uploaded and Hudson ensures that all installed JDK's are configured to trust that SSL certificate.