m2e with ssl certificate-based authentication

Question

TL;DR

How to make Eclipse's built-in Maven connect to an HTTPS repository that uses certificate-based authentication?

It seems that m2e is able to find the keystores, but unable to connect. Command-line Maven works like a charm using exactly the same keystores. Run as -> Maven build works with external Maven and not with the embedded one.

Problem

I have a Maven project with a dependency. That dependency is available in a repository that uses SSL certificate-based authentication in addition to regular username-password combination. I need to make it work in Eclipse Luna, with the built-in Maven. All I am able to get is handshake_failure. Investigation of the logs shows that the built-in Maven is unable to find a matching certificate.

When I use Run as -> Maven build with an external Maven, or command-line Maven, it successfully connects to the repository and fetches the artifact exactly as needed.

The interesting thing is, both external and embedded Mavens have the same version (3.2.3).

Setup

I pass these parameters through eclipse.ini:

-Djavax.net.ssl.trustStore=java.cacerts
-Djavax.net.ssl.trustStorePassword=******
-Djavax.net.ssl.keyStore=private.cacerts
-Djavax.net.ssl.keyStorePassword=******
-Djavax.net.debug=ssl,handshake

The trustStore file contains:

the whole certificate chain for the repository I connect to (the chain ends with a self-signed certificate), one of them being stored under the alias repository.location.url (literal repository location here, e.g. myrepository.com)
certificate for maven central

The keyStore file contains an imported PKCS certificate under an alias of the repository.

There seems to be no problem at all with the setup, as the command-line Maven works. If I use external Maven or command-line one, it works. If I swich to embedded one (which is always used for resolving dependencies), handshake error shows up.

What am I doing wrong? I might be missing something completely obvious. Any help would be appreciated.

My first guess would be proxy settings in Eclipse but even those should be using the VM's keystore :-/ Odd. Which version of Eclipse, Java and m2e? — Aaron Digulla, Oct 27 '14 at 15:17
@AaronDigulla Eclipse Luna 4.4.1, m2e 1.5.0 (with Maven 3.2.1) and 1.6.0 (3.2.3), Java 1.7 and 1.8 (both jdk and jre) — Miki, Oct 28 '14 at 07:07
Your problems is probably the same as installing Eclipse plug-ins from an Update Site with a self-signed certificate: http://eclipsesource.com/blogs/2013/04/19/installing-eclipse-plug-ins-from-an-update-site-with-a-self-signed-certificate/ Your approach above looks correct. — Aaron Digulla, Oct 28 '14 at 12:28
@AaronDigulla Yes, those `-D` things appear after `-vmargs`. The VM that Eclipse uses is able to find the files and list the certificates (with `-Djavax.net.debug=ssl,handshake`), but it fails to find the correct one. Outside of Eclipse's VM, those things work perfectly. — Miki, Oct 29 '14 at 09:36
Feels like a bug. Try to report it at https://bugs.eclipse.org/bugs/enter_bug.cgi?product=m2e — Aaron Digulla, Oct 29 '14 at 10:53

score 5 · Answer 1 · edited Oct 07 '17 at 02:04

5

Options that didn't work for me

Installing certificate to java > jre > lib > security > cacerts
Providing cacerts in java run configuration vm arguments
Updating eclipse to latest versions like mars or neon
Updating maven plugin for eclipse to 1.7.0

Steps that resolved the issue for me

Download certificate file & add in eclipse at Preferences > Remote Systems > SSL > Add
Clear .m2 > repository folder of all existing files
Open eclipse, right-click on project and Select Maven > Update Project. Choose Force Update of Snapshots/Releases

updated on 9/19/2017

If nothing else works, Installing the certificate to Java on your machine @ java > jre > lib > security > cacerts can help

edited Oct 07 '17 at 02:04

Stevoisiak

23,794
27
122
225

answered May 26 '17 at 09:21

Uvaraj Krishna

51
1
5

Thanks for this. It worked after I did Maven > Update Project as advised. – ganime May 17 '18 at 10:13
m2e 1.14.0 (with eclipse 2019.12) here and it still doesn't work... Command line maven works without issue. Both eclipse and command line running same JVM with certificate installed – mirec Mar 16 '20 at 11:22

score 3 · Accepted Answer · answered Aug 12 '15 at 09:46

3

I had exactly the same problem: Eclipse could not connect to external maven repository using embedded maven installation in case the repository requires a client SSL certificate.

The problem was solved by upgrading to latest jvm (in my case - 1.8.0u52) and upgrading Eclipse m2e plugin to version 1.6.1 (with Eclipse version 4.4.0).

answered Aug 12 '15 at 09:46

Alexey Sh.

46
3

seems that the m2e update did the trick, 1.6.1 does not appear to have this problem – Miki Aug 23 '15 at 19:29
1

m2e 1.13.0 (with eclipse 2019.09) here and it still doesn't work... Commandline maven works without issue – mirec Oct 18 '19 at 18:51

score 1 · Answer 3 · answered Apr 17 '15 at 16:16

1

In your run configurations select your maven build and then select the JRE tab at the top of the dialog. Put your SSL parameters into the VM arguments text-area.

that's what fixed it for me.

answered Apr 17 '15 at 16:16

user4802011

11
1

2

The question is about the embedded Maven, i.e. the one that Eclipse uses internally to update the project. The external one, i.e. one used for run configurations, works perfectly fine. – Miki Apr 20 '15 at 05:20

score 0 · Answer 4 · answered Jul 12 '19 at 12:23

0

I managed to fix it by setting external maven in eclipse. Eclipse->Window->Preferences->Maven->Installations->Add

answered Jul 12 '19 at 12:23

Piotr Borowczynski

175
1
8

m2e with ssl certificate-based authentication

4 Answers4