Unable to get maven to download from HTTPS URLs behind proxy

Question

From the dependencies that I specify in my pom.xml, the ones that use HTTP URLs gets downloaded but the ones that use HTTPS URLs fails saying:

SEVERE: Proxy authentication error: Credentials cannot be used for NTLM authentication: org.apache.maven.wagon.providers.http.httpclient.auth.UsernamePasswordCredentials

Here is the contents of settings.xml:

<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">

<pluginGroups />

<proxies>
    <proxy>
        <id>proxy1</id>
        <active>true</active>
        <protocol>http</protocol>
        <host>proxy.mycompany.com</host>
        <port>6050</port>
        <username>domain\username</username>
        <password>password</password>
        <nonProxyHosts></nonProxyHosts>
    </proxy>
    <proxy>
        <id>proxy2</id>
        <active>true</active>
        <protocol>https</protocol>
        <host>proxy.mycompany.com</host>
        <port>6050</port>
        <username>domain\username</username>
        <password>password</password>
        <nonProxyHosts></nonProxyHosts>
    </proxy>
</proxies>

<servers>
</servers>

<mirrors>
</mirrors>

<profiles>
    <profile>
        <id>centralrepo</id>
        <repositories>
            <repository>
                <id>central</id>
                <url>http://central</url>
                <releases>
                    <enabled>true</enabled>
                </releases>
                <snapshots>
                    <enabled>true</enabled>
                </snapshots>
            </repository>
            <repository>
                <id>fortytwo</id>
                <name>fortytwo.net Maven repository</name>
                <url>http://fortytwo.net/maven2</url>
                <releases>
                    <enabled>true</enabled>
                </releases>
                <snapshots>
                    <enabled>true</enabled>
                </snapshots>
            </repository>
            <repository>
                <id>javanet</id>
                <name>java.net Maven repository</name>
                <url>http://download.java.net/maven/2</url>
                <releases>
                    <enabled>true</enabled>
                </releases>
                <snapshots>
                    <enabled>true</enabled>
                </snapshots>
            </repository>
            <repository>
                <id>scala-tools.org</id>
                <name>Scala-tools Maven2 Repository</name>
                <url>http://scala-tools.org/repo-releases</url>
            </repository>
        </repositories>
        <pluginRepositories>
            <pluginRepository>
                <id>central</id>
                <url>http://central</url>
                <releases>
                    <enabled>true</enabled>
                </releases>
                <snapshots>
                    <enabled>true</enabled>
                </snapshots>
            </pluginRepository>
            <pluginRepository>
                <id>scala-tools.org</id>
                <name>Scala-tools Maven2 Repository</name>
                <url>http://scala-tools.org/repo-releases</url>
            </pluginRepository>                              
        </pluginRepositories>
    </profile>        
</profiles>
</settings>

I googled and found people suggest that I use CNTLM. So, I installed CNTLM and edited the /etc/cntlm.conf file to the following:

#
# Cntlm Authentication Proxy Configuration
#
# NOTE: all values are parsed literally, do NOT escape spaces,
# do not quote. Use 0600 perms if you use plaintext password.
#

Username    username
Domain      domain
Password    password
# NOTE: Use plaintext password only at your own risk
# Use hashes instead. You can use a "cntlm -M" and "cntlm -H"
# command sequence to get the right config for your environment.
# See cntlm man page
# Example secure config shown below.
# PassLM          1AD35398BE6565DDB5C4EF70C0593492
# PassNT          77B9081511704EE852F94227CF48A793
### Only for user 'testuser', domain 'corp-uk'
# PassNTLMv2      D5826E9C665C37C80B53397D5C07BBCB

# Specify the netbios hostname cntlm will send to the parent
# proxies. Normally the value is auto-guessed.
#
# Workstation   netbios_hostname

# List of parent proxies to use. More proxies can be defined
# one per line in format <proxy_ip>:<proxy_port>
#
Proxy       proxy.mycompany.com:6050

# List addresses you do not want to pass to parent proxies
# * and ? wildcards can be used
#
NoProxy     localhost, 127.0.0.*, 10.*, 192.168.*

# Specify the port cntlm will listen on
# You can bind cntlm to specific interface by specifying
# the appropriate IP address also in format <local_ip>:<local_port>
# Cntlm listens on 127.0.0.1:3128 by default
#
Listen      3128

# If you wish to use the SOCKS5 proxy feature as well, uncomment
# the following option. It can be used several times
# to have SOCKS5 on more than one port or on different network
# interfaces (specify explicit source address for that).
#
# WARNING: The service accepts all requests, unless you use
# SOCKS5User and make authentication mandatory. SOCKS5User
# can be used repeatedly for a whole bunch of individual accounts.
#
#SOCKS5Proxy    8010
#SOCKS5User dave:password

# Use -M first to detect the best NTLM settings for your proxy.
# Default is to use the only secure hash, NTLMv2, but it is not
# as available as the older stuff.
#
# This example is the most universal setup known to man, but it
# uses the weakest hash ever. I won't have it's usage on my
# conscience. :) Really, try -M first.
#
#Auth       LM
#Flags      0x06820000

# Enable to allow access from other computers
#
#Gateway    yes

# Useful in Gateway mode to allow/restrict certain IPs
# Specifiy individual IPs or subnets one rule per line.
#
#Allow      127.0.0.1
#Deny       0/0

# GFI WebMonitor-handling plugin parameters, disabled by default
#
#ISAScannerSize     1024
#ISAScannerAgent    Wget/
#ISAScannerAgent    APT-HTTP/
#ISAScannerAgent    Yum/

# Headers which should be replaced if present in the request
#
#Header     User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)

# Tunnels mapping local port to a machine behind the proxy.
# The format is <local_port>:<remote_host>:<remote_port>
# 
#Tunnel     11443:remote.com:443

When I try to test CNTLM with sudo cntlm -v -I -M http://google.com, I get the following:

Reading PROXY auth response...
HEAD: HTTP/1.1 407 Proxy Authorization Required
.
.
.
HEAD: HTTP/1.1 407 Proxy Authorization Required
Credentials rejected

I am sure that my credentials are correct as maven is able to download dependencies from HTTP URLs.

About a month ago, my company changed its SSL certificates for the HTTPS proxy and ever since, I have been getting this error.

Help !

score 0 · Answer 1 · edited May 23 '17 at 12:17

0

solution to your problem is https_proxy environment variable with cntlm authentication proxy. please find here answer! contact me if you need any kind of help!

edited May 23 '17 at 12:17

Community

1
1

answered Jul 29 '14 at 21:03

positivecrux

1,307
2
16
35

Unable to get maven to download from HTTPS URLs behind proxy

1 Answers1