You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@maven.apache.org by Graham Leggett <mi...@sharp.fm> on 2009/03/29 19:13:50 UTC
Despite trusted CA, "unable to find valid certification path to requested
target"
Hi all,
I am having trouble getting mvn site:deploy to work with mvn v2.1.0
(also v2.0.6), as follows:
Embedded error: Failed to create destination WebDAV collection
(directory): /docs/stencil/0.0.1-SNAPSHOT/./apidocs
unable to find valid certification path to requested target
The machine is a MacOSX machine, and a search turns up three different
copies of the cacerts database (one for v1.4.2, one for 1.5.0 and one
for 1.6.0).
The CA cert for the DAV webserver is present in all three cacert
databases, and to be sure I physically removed and re-added the CA cert
to all three databases, with no luck.
From the symptoms I am seeing, it looks like none of these three cacert
databases are being used at all, and the JDK is using a mystery or
missing database of its own.
Can anyone confirm whether maven does any weird or special handling of
cacert databases on MacOSX, or does it just revert to the JDK default on
the platform?
Is there a way to see what CA cert database is being used by maven when
it runs? (It's obviously not using any of the cacert databases I've
added the CA cert to, or it would work).
Anyone ever solved a problem like this before?
Regards,
Graham
--
RE: Despite trusted CA, "unable to find valid certification path to requested target"
Posted by "Brian E. Fox" <br...@reply.infinity.nu>.
Give this tool a try then and see http://repository.apache.org/ssl/ if
it helps.
-----Original Message-----
From: Graham Leggett [mailto:minfrin@sharp.fm]
Sent: Sunday, March 29, 2009 3:04 PM
To: Maven Users List
Subject: Re: Despite trusted CA, "unable to find valid certification
path to requested target"
Brian E. Fox wrote:
> The CA may be trusted, but the site needs to expose the full signature
> trail from the server cert up to the CA. Not doing this will often
cause
> the site to appear ok in a browser, but not to java. Most SSL signing
> authorities provide a bundle that you can set on the server side.
In this case, the cert is signed by the CA directly, the full chain is
just two certs long.
Trying the same config under Linux works fine, with the same certs,
project and site.
Regards,
Graham
--
> -----Original Message-----
> From: Graham Leggett [mailto:minfrin@sharp.fm]
> Sent: Sunday, March 29, 2009 1:14 PM
> To: users@maven.apache.org
> Subject: Despite trusted CA, "unable to find valid certification path
to
> requested target"
>
> Hi all,
>
> I am having trouble getting mvn site:deploy to work with mvn v2.1.0
> (also v2.0.6), as follows:
>
> Embedded error: Failed to create destination WebDAV collection
> (directory): /docs/stencil/0.0.1-SNAPSHOT/./apidocs
> unable to find valid certification path to requested target
>
> The machine is a MacOSX machine, and a search turns up three different
> copies of the cacerts database (one for v1.4.2, one for 1.5.0 and one
> for 1.6.0).
>
> The CA cert for the DAV webserver is present in all three cacert
> databases, and to be sure I physically removed and re-added the CA
cert
> to all three databases, with no luck.
>
> From the symptoms I am seeing, it looks like none of these three
cacert
>
> databases are being used at all, and the JDK is using a mystery or
> missing database of its own.
>
> Can anyone confirm whether maven does any weird or special handling of
> cacert databases on MacOSX, or does it just revert to the JDK default
on
>
> the platform?
>
> Is there a way to see what CA cert database is being used by maven
when
> it runs? (It's obviously not using any of the cacert databases I've
> added the CA cert to, or it would work).
>
> Anyone ever solved a problem like this before?
>
> Regards,
> Graham
> --
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: Despite trusted CA, "unable to find valid certification path
to requested target"
Posted by Graham Leggett <mi...@sharp.fm>.
Brian E. Fox wrote:
> The CA may be trusted, but the site needs to expose the full signature
> trail from the server cert up to the CA. Not doing this will often cause
> the site to appear ok in a browser, but not to java. Most SSL signing
> authorities provide a bundle that you can set on the server side.
In this case, the cert is signed by the CA directly, the full chain is
just two certs long.
Trying the same config under Linux works fine, with the same certs,
project and site.
Regards,
Graham
--
> -----Original Message-----
> From: Graham Leggett [mailto:minfrin@sharp.fm]
> Sent: Sunday, March 29, 2009 1:14 PM
> To: users@maven.apache.org
> Subject: Despite trusted CA, "unable to find valid certification path to
> requested target"
>
> Hi all,
>
> I am having trouble getting mvn site:deploy to work with mvn v2.1.0
> (also v2.0.6), as follows:
>
> Embedded error: Failed to create destination WebDAV collection
> (directory): /docs/stencil/0.0.1-SNAPSHOT/./apidocs
> unable to find valid certification path to requested target
>
> The machine is a MacOSX machine, and a search turns up three different
> copies of the cacerts database (one for v1.4.2, one for 1.5.0 and one
> for 1.6.0).
>
> The CA cert for the DAV webserver is present in all three cacert
> databases, and to be sure I physically removed and re-added the CA cert
> to all three databases, with no luck.
>
> From the symptoms I am seeing, it looks like none of these three cacert
>
> databases are being used at all, and the JDK is using a mystery or
> missing database of its own.
>
> Can anyone confirm whether maven does any weird or special handling of
> cacert databases on MacOSX, or does it just revert to the JDK default on
>
> the platform?
>
> Is there a way to see what CA cert database is being used by maven when
> it runs? (It's obviously not using any of the cacert databases I've
> added the CA cert to, or it would work).
>
> Anyone ever solved a problem like this before?
>
> Regards,
> Graham
> --
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
>
RE: Despite trusted CA, "unable to find valid certification path to requested target"
Posted by "Brian E. Fox" <br...@reply.infinity.nu>.
The CA may be trusted, but the site needs to expose the full signature
trail from the server cert up to the CA. Not doing this will often cause
the site to appear ok in a browser, but not to java. Most SSL signing
authorities provide a bundle that you can set on the server side.
-----Original Message-----
From: Graham Leggett [mailto:minfrin@sharp.fm]
Sent: Sunday, March 29, 2009 1:14 PM
To: users@maven.apache.org
Subject: Despite trusted CA, "unable to find valid certification path to
requested target"
Hi all,
I am having trouble getting mvn site:deploy to work with mvn v2.1.0
(also v2.0.6), as follows:
Embedded error: Failed to create destination WebDAV collection
(directory): /docs/stencil/0.0.1-SNAPSHOT/./apidocs
unable to find valid certification path to requested target
The machine is a MacOSX machine, and a search turns up three different
copies of the cacerts database (one for v1.4.2, one for 1.5.0 and one
for 1.6.0).
The CA cert for the DAV webserver is present in all three cacert
databases, and to be sure I physically removed and re-added the CA cert
to all three databases, with no luck.
From the symptoms I am seeing, it looks like none of these three cacert
databases are being used at all, and the JDK is using a mystery or
missing database of its own.
Can anyone confirm whether maven does any weird or special handling of
cacert databases on MacOSX, or does it just revert to the JDK default on
the platform?
Is there a way to see what CA cert database is being used by maven when
it runs? (It's obviously not using any of the cacert databases I've
added the CA cert to, or it would work).
Anyone ever solved a problem like this before?
Regards,
Graham
--
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org