0

We're using a private Maven repository which uses a self-signed SSL certificate. We've followed the guidelines from the official Maven documentation, which tell you to put your CA certificate in a custom trust store, then tell Maven to use it via, for example, the environment variable MAVEN_OPTS:

MAVEN_OPTS="-Xmx512m -Djavax.net.ssl.trustStore=trust.jks -Djavax.net.ssl.trustStorePassword=XXX"

This indeed fixes the SSL error for accessing our private repo, but now Maven can't find the certificate to access Maven Central! It seems that providing a custom trust store automatically disables using the system certificates for public repositories.

Another very popular SO question gives a workaround, but to me disabling SSL isn't the solution.

I would expect that providing custom certificates just adds to those from the system.

We've thought of adding all system trusted certificates to the custom truststore, but think it's a tedious solution.

user5365075

1 Answer

2

Unfortunately, you cannot pass multiple truststores (custom + system) to javax.net.ssl.trustStore. When a truststore is passed to that property, it will basically ignore the system one, so that gives you 2 options:

  1. Add all the system trusted certificates to your custom truststore (cumbersome, but it is only a one-time, or very rare, operation).
  2. Get a certificate signed by a public CA. For example, you can get free certificates from https://letsencrypt.org/ (it is a trusted public CA and did I mention that it is free?). The only downside of Let's Encrypt is the validity of the certificates, which they currently only issue for a 3 month period.
BogdanSucaciu
  • We've also tried adding our custom CA certificate to the system trusted certificates, but Maven does not seem to use system certificates at all. Is it using a system truststore? – user5365075 Dec 04 '19 at 15:06
  • 1
    I don't really know what Maven uses under the hood, but why don't you do it the other way around? Add the system trusted certificates to your custom truststore... That way, you keep your system truststore intact and it will not impact other tools. – BogdanSucaciu Dec 04 '19 at 15:15
  • We'll do that :) Thanks for the advice! – user5365075 Dec 04 '19 at 21:33
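
Option 1 from the answer, which the comments settle on, as an added example that is not part of the original thread: it copies the JDK's default `cacerts` into a new store with `keytool -importkeystore`, then adds the private CA, so one file passed to `-Djavax.net.ssl.trustStore` covers both Maven Central and the private repository. The function names, the alias `private-repo-ca`, and the `SRC_PASS` variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: combined truststore = JDK default roots + private CA.

# Print the default cacerts path of the JDK rooted at $1.
# JDK 9+ keeps it in lib/security, JDK 8 in jre/lib/security.
find_cacerts() {
    for rel in lib/security/cacerts jre/lib/security/cacerts; do
        if [ -f "$1/$rel" ]; then
            printf '%s\n' "$1/$rel"
            return 0
        fi
    done
    echo "no cacerts under $1" >&2
    return 1
}

# build_truststore JAVA_HOME CA_CERT OUT_STORE OUT_PASS
# OUT_PASS must be at least 6 characters (keytool requirement).
build_truststore() {
    java_home=$1 ca_cert=$2 out=$3 pass=$4
    [ -r "$ca_cert" ] || { echo "cannot read CA certificate $ca_cert" >&2; return 2; }
    # Never merge into an existing file: stale or unknown roots would survive.
    [ ! -e "$out" ] || { echo "refusing to overwrite $out" >&2; return 3; }
    cacerts=$(find_cacerts "$java_home") || return 1

    # Copy every public root. "changeit" is the stock password of the JDK's
    # cacerts file; set SRC_PASS if yours was changed.
    keytool -importkeystore -noprompt \
        -srckeystore "$cacerts" -srcstorepass "${SRC_PASS:-changeit}" \
        -destkeystore "$out" -deststorepass "$pass" || return 4

    # Add the private CA under a fixed alias so it is easy to audit or remove.
    keytool -importcert -noprompt -alias private-repo-ca \
        -file "$ca_cert" -keystore "$out" -storepass "$pass" || return 5

    # Print the number of trusted entries now in the store.
    keytool -list -keystore "$out" -storepass "$pass" | grep -c 'trustedCertEntry'
}

# Run only when called with all four arguments.
if [ "$#" -eq 4 ]; then
    build_truststore "$@"
fi
```

The public roots in the copy are frozen at build time, so rebuild the store after each JDK upgrade to pick up CA additions and removals.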