You are viewing a plain text version of this content. The canonical link for it is here.
Posted to site-commits@maven.apache.org by sv...@apache.org on 2019/01/31 19:40:01 UTC
svn commit: r1852633 - in /maven/website/content:
guides/mini/guide-repository-ssl.html maven-site-1.0-site.jar
Author: svn-site-role
Date: Thu Jan 31 19:40:01 2019
New Revision: 1852633
Log:
Site checkin for project Apache Maven Site
Modified:
maven/website/content/guides/mini/guide-repository-ssl.html
maven/website/content/maven-site-1.0-site.jar
Modified: maven/website/content/guides/mini/guide-repository-ssl.html
==============================================================================
--- maven/website/content/guides/mini/guide-repository-ssl.html (original)
+++ maven/website/content/guides/mini/guide-repository-ssl.html Thu Jan 31 19:40:01 2019
@@ -145,28 +145,28 @@
<div id="bodyColumn" class="span10" >
<div class="section">
<h2><a name="Guide_to_Remote_repository_access_through_authenticated_HTTPS"></a>Guide to Remote repository access through authenticated HTTPS</h2>
-<p>This document describes how to configure Maven for accessing a remote repository that sits behind an HTTPS server which requires client authentication with certificates. It is expected that this documentation be valid both for Maven 1.x and Maven 2.0.</p>
+<p>This document describes how to configure Maven to access a remote repository that sits behind an HTTPS server which requires client authentication with certificates.</p>
<div class="section">
<h3><a name="The_problem"></a>The problem</h3>
-<p>You have a server storing a maven repository at addresse <tt>https://my.server.com/maven</tt>. This server only serves clients authenticated through SSL protocol by a valid certificate signed by an approved certificate authority's certificate which we call the <tt>CACert</tt>. In the simplest case where the server is used internally by an identified community of users (eg. corporate intranet), the server's certificate is the certificate authority as the server is used only internally.</p>
+<p>There is a maven repository at <tt>https://my.server.com/maven</tt>. This server only serves clients authenticated through SSL protocol by a valid certificate signed by an approved certificate authority's certificate which we call the <tt>CACert</tt>. In the simplest case where the server is used internally by an identified community of users (e.g. corporate intranet), the server's certificate is the certificate authority as the server is used only internally.</p>
<p>So we assume that we have access to the trusted certificate in X.509 format stored in a file named:</p>
<div>
<pre> /somewhere/in/filesystem/CACert.cert</pre></div>
-<p>The client's certificate has been issued by some other mean not described in this document in PKCS#12 format, which is the format that is accepted by browsers (at least Firefox and Internet Explorer) for importation in their keystore. This file is named:</p>
+<p>The client's certificate has been issued by some means not described in this document in PKCS#12 format, which is the format that is accepted by browsers (at least Firefox and Internet Explorer) for import into their keystore. This file is named:</p>
<div>
<pre> /home/directory/mycertificate.p12</pre></div>
-<p>and we assume it is accessible when launching maven. Note that this file contains the client's private key which may be very sensitive information and so is secured by a password:</p>
+<p>and we assume it is accessible when launching maven. This file contains the client's private key which may be very sensitive information so it is secured by a password:</p>
<div>
<pre> CeRtPwD</pre></div>
-<p>The remote repository is referenced either through the <tt>pom.xml</tt> file (maven2.0) or one of <tt>build.properties</tt> or <tt>project.properties</tt> (Maven1.X). In Maven 1.X:</p>
+<p>The remote repository is referenced either through the <tt>pom.xml</tt> file:</p>
<div>
<pre>maven.repo.remote=https://my.server.com/maven,http://www.ibiblio.org/maven</pre></div></div>
<div class="section">
<h3><a name="The_solution"></a>The solution</h3>
<p>For maven to use this repository, we should take the following steps:</p>
<ol style="list-style-type: decimal">
-<li>Create a store to hold the server's certificate usings Sun's <a class="externalLink" href="http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html"> keytool</a>,</li>
-<li>Defines properties to be used by HttpClient for finding keys and certificate</li></ol>
+<li>Create a store to hold the server's certificate usings Oracle's <a class="externalLink" href="https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html"> keytool</a>,</li>
+<li>Define properties to be used by HttpClient for finding keys and certificate</li></ol>
<div class="section">
<h4><a name="Storing_certificate"></a>Storing certificate</h4>
<p>The following command line imports the certififcate authority's certificate into a JKS formatted key store named <tt>trust.jks</tt>, the <i>trust store</i>.</p>
@@ -212,15 +212,11 @@ $></pre></div>
-Djavax.net.ssl.trustStorePassword= \
-Djavax.net.ssl.keyStore=/home/directory/mycertificate.p12 \
-Djavax.net.ssl.keyStoreType=pkcs12 \
- -Djavax.net.ssl.keyStorePassword=XXXXXX"</pre></div></div>
-<div class="section">
-<h5><a name="For_maven_1.X_users"></a>For maven 1.X users</h5>
-<p>Setting these properties in <tt>build.properties</tt> or <tt>project.properties</tt> does <b>not work</b>: the properties are needed before any of theses files are opened.</p></div></div></div>
+ -Djavax.net.ssl.keyStorePassword=XXXXXX"</pre></div></div></div></div>
<div class="section">
<h3><a name="Links"></a>Links</h3>
<p>The following links may be useful in understanding SSL infrastructure management in Java:</p>
<ul>
-<li><a class="externalLink" href="http://java.sun.com/j2se/1.4.2/docs/guide/security/"> Javasecurity infrastructure (1.4.2)</a></li>
<li><a class="externalLink" href="http://hc.apache.org/httpclient-3.x/sslguide.html"> HttpClient</a>'s SSL guide</li></ul></div></div>
</div>
</div>
Modified: maven/website/content/maven-site-1.0-site.jar
==============================================================================
Binary files - no diff available.