无法使用Nexus通过https / ssl代理Maven回购 [英] Unable to proxy Maven repo over https/ssl with Nexus

问题描述

我按照此页面上的说明进行操作导入服务器证书。

I followed the instructions given on this page to import the server certificate.

当我使用 keytool -list 时，我可以看到证书实际上是在密钥库中。如果我尝试导入 .crt 文件， keytool 警告我密钥库已包含证书。

When I use keytool -list, I can see that the certificate is actually in the keystore. If I try to import the .crt file, keytool warns me that the keystore already contains the certificate.

然后我使用两个ssl选项更新了 wrapper.conf 。重启后，我可以在Nexus进程的命令行上看到它们。

Then I updated wrapper.conf with the two ssl options. I can see them on the command line of the Nexus process after a restart.

但是当我尝试为远程服务器添加代理仓库时，我总是得到 sun.security.validator.ValidatorException：PKIX路径构建失败：sun.security.provider.certpath.SunCertPathBuilderException：无法找到所请求目标的有效证书路径

But when I try to add a proxy repo for the remote server, I always get sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

我错过了什么？

推荐答案

您必须将自定义CA证书导入'trustStore '而不是'keyStore'。

You have to import the custom CA certificate into the 'trustStore' and not into the 'keyStore'.

创建'trustStore'的过程与'keyStore'的过程相同。
获得* .jks文件后，使用以下系统属性链接它：

The procedure for creating a 'trustStore' is the same as the one for the 'keyStore'. Once you have your *.jks file then link it using the following system properties:

javax.net.ssl.trustStore=<file>
javax.net.ssl.trustStorePassword=<password>

这篇关于无法使用Nexus通过https / ssl代理Maven回购的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！