Maven error, PKIX path building failed: unable to find valid certification path to requested target

Question

There are two remote servers are presents. Supposed we named them as a A and B. My java code is committed and up to date on GIT repository. I pulled the code on both server A and B. When I use mvn clean package install on server A, its working properly and build get successfully completed. But When I use mvn clean package install for server B its giving me following error with build failure massage.

[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] oagi-srt ........................................... SUCCESS [  0.292 s]
[INFO] oagi-srt-common .................................... SUCCESS [  1.959 s]
[INFO] oagi-srt-repository ................................ SUCCESS [  2.357 s]
[INFO] oagi-srt-service ................................... SUCCESS [  2.064 s]
[INFO] oagi-srt-import .................................... SUCCESS [  3.064 s]
[INFO] oagi-srt-webapp .................................... FAILURE [ 21.398 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 31.539 s
[INFO] Finished at: 2017-08-10T11:50:10+00:00
[INFO] Final Memory: 44M/303M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal on project srt-webapp: Could not resolve dependencies for project org.oagi:srt-webapp:war:1.0.0: Failed to collect dependencies at org.joinfaces:jsf-spring-boot-starter:jar:2.2.7 -> org.primefaces.extensions:all-themes:jar:1.0.8 -> org.primefaces.themes:afterdark:jar:1.0.8: Failed to read artifact descriptor for org.primefaces.themes:afterdark:jar:1.0.8: Could not transfer artifact org.primefaces.themes:themes-project:pom:1.0.8 from/to prime-repo-new (http://repository.primefaces.org): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR]   mvn <goals> -rf :srt-webapp

Note:-If i directly place project war file in tomcat and restart the server, my application is working properly as I expected on both server.

Answer 1

My company IT policies blocked maven repo https because the certificate expired date is short. Importing certificate is painful. So I used this way to fix it:

• change to latest maven (verified on version 3.6.3)
• add those parameters

mvn clean package -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true

Answer 2

It seems your B server does not have the certificates to access the repository, try to compare the environment certificates between servers A and B.

Also check this question: How do I find out what keystore my JVM is using?

Answer 3

I get this problem when my JRE does not have the correct certificate to get through my companies proxy and out to the repo.

Step 1 will depend on your IT department. You'll need to find the .crt file that gets you through your https proxy, and download it as Your_Proxy.crt

Step 2 is running "mvn -version" to make 100% sure you know which JRE your maven is using.

Step 3 is going to the JRE folder in an administrator mode using Powershell on windows or sudo on linux and

./bin/keytool.exe -importcert -ckeystore cacerts -file Your_Proxy.crt -alias Add_name_here

... you will need to know your keystore's password, which often defaults to "changeit"

Answer 4

I had the same error when I ran mvn clean install and for me the solution turned out to be very different...

I had an entry in my maven's settings.xml file for proxy like:

<proxies>
  <proxy>
    ... 
  </proxy>
</proxies>

I tried importing the certs to my cacerts and all, but those did not help.

Only after I removed the above proxy entry, it worked. (possibly the proxy settings changed in our corporate and so the above setting I had from some time back became invalid)

Answer 5

If you are using a repository other than apache maven repository, try to use http instead of https in the url.

Answer 6

I know the thread is old. Perhaps this is for the other users who might stumble upon this to find an answer

EM-Creations is right. The use of http will result in the default redirection to https. I've searched through several stackoverflow questions and other sites and the right answer would be to somehow make maven trust the certifcate of the repository/url/site that we wanted to work with

For that first we need to import the (root) certificate of that part site. Please follow this link https://www.comodo.com/support/products/authentication_certs/setup/mac_chrome.php

Now maven by default uses the java keystore trusted certificates and by default the trusted certificates are at {JAVA_HOME}/jre/lib.security/cacerts. So the next step is to add our downloaded certificate to the cacerts. For this you can use either the openssl or keytool commands. I prefer keytool personally and here is a sample one

keytool 
-import 
-storepass <STOREPASS_PASSWORD> 
-noprompt 
-alias < unique  certificate alias for Keystore> 
-keystore <JRE_HOME>/lib/security/cacerts 
-trustcacerts 
-file <certificate file>

for mac users the default execution will result in a permission denied error. So you can use sudo to make it executable and writable