Maven+Nexus+Jenkins SSL certificate error

Question

I have installed certificate to nexus. When i start jenkins builder im getting an error:

[ERROR] Failed to execute goal on project wf-base: Could not resolve dependencies for project 1.0.0o-SNAPSHOT: Failed to collect dependencies at 1.0.0o-SNAPSHOT: 

Failed to read artifact descriptor for 1.0.0o-SNAPSHOT: Could not transfer artifact 1.0.0o-SNAPSHOT from/to Nexus (https://nexus.repository.link): 

sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> [Help 1]

Answer 1

Here are some options for those of you (like me) who stumbled on this issue.

1. Import CA in java trust store

The first option is to import your certificate authority(ies) in your jre cacert file using keytool.

This option, although it seems to be the most natural, has one drawbacks: this implies to have write access to the JRE / JDK folders, which is not always the case.

2. Pass trust store as a param to the JVM in Maven using Jenkins

Here is the trick: maven passes a set of parameters to the jvm before it runs. These parameters are wrapped in a variable called MAVEN_OPTS wihch are initialized in the mvn script.

The way to go when using Jenkins is to create an environment variable in your slave or your job, call it MAVEN_OPTS and give it the JVM option:

MAVEN_OPTS
-Djavax.net.ssl.trustStore=your_custom_cert_file

As always, there are many other possibilities but these two are the cleanest ones.

Answer 2

Looks like you're missing a certificate in the chain so your certificate isn't trusted,if it's a self signed certificate you'll need to add it as a root certificate. If the certificate was issued by a CA you'll need to download the missing certificate(s) in the chain and install them.