Maven: Failed to read artifact descriptor error

Question

I cloned a JAVA repo and when I tried to build it with "mvn install", I got the following error

Could not transfer artifact org.springframework.boot:spring-boot-starter-parent:pom:2.3.2.RELEASE from/to central (https://repo.maven.apache.org/maven2): Transfer failed for https://repo.maven.apache.org/maven2/org/springframework/boot/spring-boot-starter-parent/2.3.2.RELEASE/spring-boot-starter-parent-2.3.2.RELEASE.pom and 'parent.relativePath' points at no local POM @ line 6, column 13: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> [Help 2]

the repo "https://repo.maven.apache.org/maven2" is accessible in my browser when I open it in Chrome.

After some googling, I put a settings.xml file in the .m2 folder looks like this

<?xml version="1.0" encoding="UTF-8"?>
<settings>
  <activeProfiles>
    <!--make the profile active all the time -->
    <activeProfile>securecentral</activeProfile>
  </activeProfiles>
  <profiles>
    <profile>
      <id>securecentral</id>
      <!--Override the repository (and pluginRepository) "central" from the
         Maven Super POM -->    
      <repositories>
        <repository>
          <id>central</id>
          <url>https://repo1.maven.org/maven2</url>
          <releases>
            <enabled>true</enabled>
          </releases>
        </repository>
      </repositories>
      <pluginRepositories>
        <pluginRepository>
          <id>central</id>
          <url>https://repo1.maven.org/maven2</url>
          <releases>
            <enabled>true</enabled>
          </releases>
        </pluginRepository>
      </pluginRepositories>
    </profile>
  </profiles>
</settings>

Now when I run "mvn install", the error for spring-boot goes away. But I am facing this error now:

Failed to read artifact descriptor for org.apache.camel.springboot:camel-salesforce-starter:jar:3.4.2: Could not transfer artifact io.dropwizard.metrics:metrics-bom:pom:4.1.9 from/to central (https://repo.maven.apache.org/maven2): Transfer failed for https://repo.maven.apache.org/maven2/io/dropwizard/metrics/metrics-bom/4.1.9/metrics-bom-4.1.9.pom: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> [Help 1]

My question is, why do I need to manually add and in settings.xml and why I am still getting the error for camel? Thanks

To access your repo you need to have certificate in your jdk's security directory. — Sagar Gangwal, Aug 24 '20 at 17:36

score 1 · Answer 1 · answered Aug 25 '20 at 09:16

You can try to run mvn -U clean install

-U according to Maven CLI options is for

Forces a check for missing releases and updated snapshots on remote repositories

or try to delete the local repository folder. Sometimes it gets messed up when having network problems... You can find your local repo folder in your .m2 folder (on windows: C:\Users<your_username>.m2)

You can delete the whole repository folder or just some part of it. After that just run the mvn clean install

score 1 · Answer 2 · answered Aug 25 '20 at 09:42

1

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Almost certain that root CA certificates on your system are outdated. Try to update your JDK installation. Note that CA certificate used by your browser might not be same as JRE/JDK is using.

Without knowing more details about your system, it's hard to provide more accurate answer.

This answer provides possible workaround.

answered Aug 25 '20 at 09:42

rkosegi

14,165
5
50
83

"Note that CA certificate used by your browser might not be same as JRE/JDK is using." Hmmm..this makes sense...how do I check what CA certificate JRE/JDK is using? I am using JDK 11 so it is not an outdated version. – sean717 Aug 25 '20 at 17:39
Someone at work suggested this : 1) download the CA root cert the browser is using to local 2) copy it to $JAVA_HOME/lib/security folder and 3) then run ‘keytool -importcert -file yourCertFile.pem -keystore cacerts -alias ‘TheCARoot’. Is this something you would suggest as well? Thanks – sean717 Aug 25 '20 at 17:45

score 0 · Accepted Answer · answered Aug 28 '20 at 21:46

OK...got it working.

@rkosegi's answer put me on the right path. The root CA cert used by my browser is different than the one jdk uses. That's why I can view the repo in browser with no error but maven cannot access the repo.

Somehow my company (a financial institution) has a root CA cert overriding all the other root CA cert, that means, when I open any website (for example stackoverflow), the cert path always shows like this:

I am not a system admin and not sure how this is done, but anyhow, all I need to do is save the Root CA cert as a *.CER file and add it to the jdk's cacert folder.

After that, the command "mvn clean install" runs to complete with no error

Maven: Failed to read artifact descriptor error

3 Answers3