maven-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adrian Herscu <>
Subject Re: [m2] SSL certificate name does not match
Date Tue, 16 Oct 2007 10:25:34 GMT
Perhaps sometime, someone will want to add a switch that turns off host 
name verification. This seems to be supported in the HttpClient 4.0 API.
Any comments?

Adrian Herscu wrote:
> Hi David,
> Thanks for your reply.
> I checked that blog; however the solution described there seems to 
> belong to other problem:
> <snip>
> PKIX path building failed: 
> unable to 
> find valid certification path to requested target
> [This happens] when trying to open an SSL connection to a host using 
> JSSE. What this usually means is that the server is using a test 
> certificate (possibly generated using keytool) rather than a certificate 
> from a well known commercial Certification Authority such as Verisign or 
> GoDaddy. Web browsers display warning dialogs in this case, but since 
> JSSE cannot assume an interactive user is present it just throws an 
> exception by default.
> </snip>
> Because I am somewhat desperate, I have tested that program. It seems to 
> do what the standard keytool does... I copied the generated jssecacert 
> file into my ${jre.home}/lib/security directory and hoped for the 
> best... But it didn't happen :-( I checked that the file was read using 
> a file monitor, and it was read.
> It seems that the solution could only be provided by applications (

> In this case, Maven should provide the option to override the default 
> host name checking algorithm with a do-nothing one.
> Adrian.
> David Williams wrote:
>> Sorry it was late when I replied. = )  Here's the link
>> On 10/11/07, Adrian Herscu <> wrote:
>>> Yeah... Where is the link :-)?
>>> I tried to play with the keytool program. I have imported the SSL
>>> certificate into my key store; this creates a file named .keystore in
>>> C:\Documents and Settings\me. I tried to run Maven and DAVExplorer;
>>> their behavior did not change :-(
>>> Now the weird things:
>>> 1. I have monitored the file access to the .keystore file. When I am
>>> running keytool -list the .keystore file is accessed (seems like my file
>>> monitoring program works). When I am running Maven or DAVExplorer, the
>>> .keystore file is not accessed at all!
>>> 2. Maven is able to upload files to my WebDAV server! If I am building
>>> all my modules locally, then I can run mvn deploy and the files are
>>> uploaded!!!
>>> Adrian.
>>> Tim Kettler wrote:
>>>> Where's the link :-)?
>>>> David Williams schrieb:
>>>>> Adrian,
>>>>> This link may help you.  This java program allows you to manually
>>>>> accept the
>>>>> cert and place the generated file in your JDK or JRE.  Then the java
>>>>> keeps
>>>>> it as an accept cert.  I have not tried this with Maven but it worked
>>>>> with
>>>>> another application where the cert didn't match the server name.  Down
>>>>> side
>>>>> is that it would have to be on every user's machine.
>>>>> Thanks,
>>>>> David
>>>>> On 10/10/07, Adrian Herscu <> wrote:
>>>>>> Hi all,
>>>>>> I am hosting my project sources and binaries with some external
>>>>>> provider. He cannot set up an SSL certificate for my domain name...
>>>>>> Meanwhile, the only alternative is accept those SSL warnings about
>>>>>> domain name mismatch. I am getting them in my browser and also in
>>> SVN
>>>>>> client.
>>>>>> Now I am trying to set up Maven to build and deploy my project to

>>>>>> this
>>>>>> provider. The problem is that I am getting these messages from Maven:
>>>>>> <snip>
>>>>>> [WARNING] repository metadata for: 'snapshot
>>>>>> build-extensions:1.0-alpha-4-SNAPSHOT' could not be retrieved from
>>>>>> repository: s
>>>>>> due to an error: Error transferring file
>>>>>> [INFO] Repository '' will be blacklisted
>>>>>> </snip>
>>>>>> ...and the artifacts cannot be resolved (of course).
>>>>>> I tried to see if this is a JRE specific problem. Downloaded a
>>>>>> Java-based WebDAV client (DAVExplorer), and it fails to connect with
>>>>>> this error message:
>>>>>> Name in certificate ""

>>>>>> does
>>>>>> not match host name ""
>>>>>> Anyone knows about a hidden switch/option/configuration file to make
>>> the
>>>>>> JRE accept the SSL connection even if the host name doesn't match
>>>>>> that on the certificate?
>>>>>> Please help,
>>>>>> Adrian.
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail:
>>>>>> For additional commands, e-mail:
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail:
>>> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message