3

I am trying a build code a using maven in mac machine but it is getting failed with following error message

PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed: NotAfter: Thu Apr 01 00:59:59 BST 2021

Tried to uninstall and install JDK but this did not help. Also I tried to check cert file in /Library/Java/JavaVirtualMachines/jdk1.8.0_291.jdk/Contents/Home/jre/lib/security but there is no file related cert. Any input would be appreciated greatly

ezhil
  • 977
  • 6
  • 15
  • 36

2 Answers2

8

validity check failed: NotAfter: Thu Apr 01 00:59:59 BST 2021

It is clear : the certificate has expired because today we are after the 01 April 2021.
To fix the problem :

  • either ask to the certificate publisher/owner to provide a new one with a valid date.
  • or run Maven in a way where it will ignore the certificate validity date.

For the latter (with clean package goal for example) you can do :

mvn clean package -Dmaven.wagon.http.ssl.ignore.validity.dates=true

If you want to ignore completely all ssl verifications, you can set all these flags :

mvn clean package -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true -Dmaven.wagon.http.ssl.ignore.validity.dates=true

To not repeat the flags at every mvn command executed, you can also set the MAVEN_OPTS env variable such as :

MAVEN_OPTS="-Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true -Dmaven.wagon.http.ssl.ignore.validity.dates=true"

Edit

To help diagnostic issue :

  1. see the content of a certificate with openssl (Linux or Mac) such as :

    openssl x509 -in foo.crt -noout -text

To see only dates (@dave_thompson_085) :

openssl x509 -in foo.crt -noout -dates

On Windows, openssl is not required since the file association of the crt should help.

  1. Make maven to run in debug verbosity (-X flag)

    mvn -X clean package

  2. Make maven to run with SSL logs enabled :

mvn -Djavax.net.debug=ssl clean package

You could even use all these flags :

mvn -X \
    -Djavax.net.debug=ssl \
    -Dmaven.wagon.http.ssl.insecure=true \
    -Dmaven.wagon.http.ssl.allowall=true \
    -Dmaven.wagon.http.ssl.ignore.validity.dates=true \
clean package
davidxxx
  • 125,838
  • 23
  • 214
  • 215
  • Or `openssl x509 -in x.pem -noout -dates` displays just the dates. With Java installed, `keytool -printcert -file x.pem_or_der` is another option. – dave_thompson_085 Jun 30 '21 at 21:46
  • Tried with above maven command but it is not skipping and ignoring the cert. giving same build failure – ezhil Jul 01 '21 at 10:54
  • I see cacerts inside /Library/Java/JavaVirtualMachines/jdk1.8.0_291.jdk/Contents/Home/jre/lib/security but this not readable – ezhil Jul 01 '21 at 11:59
  • @david - Can you pls tell what certificate is this? is it java certificate or ssl certificate? – ezhil Jul 01 '21 at 12:01
  • it is an ssl certificate. There is not Java certificate things. I will edit my answer to give you some hints to debug. You should have all required information to understand the issue. – davidxxx Jul 02 '21 at 11:34
0

Try Following things :-

  1. Check for communication if you are behind a firewall or port blocking
  2. SSL certificate if it hasn't expired
Ankur Saxena
  • 177
  • 1
  • 11
  • There is no restriction in firewall. How do i check SSL certificate? I dont see cert file in /Library/Java/JavaVirtualMachines/jdk1.8.0_291.jdk/Contents/Home/jre/lib/security . Should I create a one ? – ezhil Jun 30 '21 at 18:49
  • @ezhil, How did you resolve this issue? – Testilla Apr 04 '22 at 01:54