primefaces on maven repos have dependency on primefaces.org

0
votes

I am trying to use Primefaces 5.3 with a maven build on Bluemix, using the redmond theme from the 1.0.8 primefaces extensions. However, it seems I have run into a dependency issue.

1) When I leave out the all-themes artifact from the org.primefaces.extensions group, I get an exception that the themes.css could not be found. 2) When I edit in the all-themes artifact and stay with the maven repository only, I get a dependency error, as there seems to be a dependency to an artifact that is only on primefaces.org but not on maven.org, namely at least the afterdark pom.xml seems to refer to primefaces.org 3) When I edit in the primefaces.org repository, I get a build error on Bluemix, because Bluemix does not seem to trust the SSL certificate from primefaces.org:

[ERROR] ...Could not transfer artifact org.primefaces.themes:afterdark:pom:1.0.8 from/to prime-repo (https://repository.primefaces.org/): com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: [ERROR] java.security.cert.CertPathValidatorException: The certificate issued by CN=DST Root CA X3, O=Digital Signature Trust Co. is not trusted; internal cause is: [ERROR] java.security.cert.CertPathValidatorException: Certificate chaining error

This happens with both http or https used as repository address, so probably the afterdark pom includes the https address anyway....

So maven.org is pointing to some untrusted repository for a dependency, and Bluemix does not accept it.

So what should be the fix (and no, don't suggest not using primefaces): - Is this fixed with any newer version of primefaces? Not sure if I will be able to spend the effort for the upgrade though - can this be fixed in the 1.x versions of primefaces extensions? - I guess I won't be able to change Bluemix to accept the certificate... - is there a way to only use the redmond theme as dependency and not all-themes?

Is there anything I am missing?

Note that locally there is no problem, as maven seems to happily download code from untrusted sources.

1
jsfprimefacesjsf-2ibm-cloud
Additional comment: referring to org.primefaces.themes, artifact redmond works with a local maven build, but creates dependency problems in the local Eclipse as well as on Bluemix, because the dependency cannot be found.André Fachat
Why is maven so inconsistent....?André Fachat
The error is clear and it is not Mavens fault. The (issuer of the) server certificate is not trusted. Just lilke mentioned in the 'Answer'. If it works in one environment and not on another, the is in 99% of the time a local problem. Hope you get it working by doing as the answer states or manually adding it to your local repositoryKukeltje
I wonder if it is not also primefaces' fault as it points to some repository outside of maven central?André Fachat
Why is that 'wrong'? Then maven should have disabled the option to use other repositories. The fact that PrimeFaces uses a modern certificate an your keystore is sort-of-out-of-date, could also be seen as 'wrong' (or a security issue). I personnaly would not call either wrong, just an operational isaue)Kukeltje

1 Answers

1
votes

It looks like the certificate is not available in the jvm trust store and you will need to add it to resolve the problem.