“PKIX path building failed” and “unable to find valid certification path to requested target” when fetching sbt plugins

0
votes

I've installed java (11 - openjdk 11.0.2), scala (2.13.1) and sbt (1.3.4) using homebrew. Then i tried to add certificate to java's keystore:

keytool -import -alias "my-cert" -keystore "$JAVA_HOME/lib/security/cacerts" -file ~/my-cert.cert

But when i try to use sbt (via idea or from console) i get these kind of errors:

:::: ERRORS Server access Error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target url=https://repo1.maven.org/maven2/com/eed3si9n/sjson-new-scalajson_2.12/0.8.2/sjson-new-scalajson_2.12-0.8.2.pom

Server access Error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target url=https://repo1.maven.org/maven2/com/eed3si9n/sjson-new-scalajson_2.12/0.8.2/sjson-new-scalajson_2.12-0.8.2.jar

Server access Error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target url=https://repo.scala-sbt.org/scalasbt/maven-snapshots/com/eed3si9n/sjson-new-scalajson_2.12/0.8.2/sjson-new-scalajson_2.12-0.8.2.pom

Server access Error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target url=https://repo.scala-sbt.org/scalasbt/maven-snapshots/com/eed3si9n/sjson-new-scalajson_2.12/0.8.2/sjson-new-scalajson_2.12-0.8.2.jar

I also tried to add certificate for repo.scala-sbt (https://stackoverflow.com/a/54746436):

keytool -import -alias "scala-sbt" -keystore "$JAVA_HOME/lib/security/cacerts" -file ~/scala-sbt.cert

But this also didn't help. How can i fix this?

Tried this:

   keytool -importcert -trustcacerts -alias "my-cert" -keystore "$JAVA_HOME/lib/security/cacerts" -file ~/my-cert.cert

And this didn't help to

To connect to the internet i use cisco anyconnect. All certificate file formats were changed to *.pem as recommended but this didn't help too

1
javascalasslsbtssl-certificate
Is there are firewall between your computer and repo1.maven.org that decodes TLS messages?savas
@savas i'm not sure, but most likely yesNikita
Then you may need to add root certificate to keystore and pass keystore to sbt like sbt "-Djavax.net.ssl.trustStore=cacerts" compile.savas
Still not working :( Probably, i missed somethingNikita

1 Answers

0
votes

I would recommend dividing problem to two parts:

1) Adding required intermediate and root certificates to keystore. Then you can test this step with a simple java application (like SSLPoke) instead of sbt.

https://github.com/MichalHecko/SSLPoke.

2) Ensuring sbt is using the correct keysotre. You can pass your keystore to application using the jvm parameter "-Djavax.net.ssl.trustStore"

You may use a local artifactory server to mitigate this problem if your corporate is behind a firewall that offloads ssl traffic.