发表新帖
发表新帖

scala sbt and corporate proxy - SunCertPathBuilderException

前端 未结
关注
5 656
太阳男子
太阳男子 2020-12-06 01:44

When I try to use SBT some files cannot be downloaded with the following error:

Server access Error: sun.security.validator.ValidatorException: PKIX

相关标签:
5条回答
  • 栀梦
    2020-12-06 02:09

    This error can also happen if you use an outdated Java version. I've got this error using Java version 1.8.0_45-b14. Updating to Java version 11.0.2+7 (2018-10-16) solved it for me.

    Just for reference, the full error message I got was:

    [error] typesafe-ivy-releases: unable to get resource for com.geirsson#sbt-scalafmt;1.6.0-RC4: res=https://repo.typesafe.com/typesafe/ivy-releases/com.geirsson/sbt-scalafmt/1.6.0-RC4/jars/sbt-scalafmt.jar: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    Switching to the newer Java version solved it instantly.

    0 讨论(0)
  • 后悔当初
    2020-12-06 02:10

    This solved the problem:

    Add -Djavax.net.ssl.trustStore="C:\Program Files\Java\jre1.8.0_121\lib\security\cacerts" to the sbt config file (sbtconfig).

    If using IntelliJ Idea, click on "SBT Settings" -> JVM Options -> VM Parameters and add the same line.

    The path is the path to the cacerts file that resides on the JDK path -> lib -> security.

    It is necessary to import the proxy certificate with the keystore tool, as described in: SSL certificate problem in a web service proxy

    0 讨论(0)
  • 温柔的废话
    2020-12-06 02:16

    On MacOS, I solved it by running the sbt command with sudo.

    0 讨论(0)
  • 走了就别回头了
    2020-12-06 02:17

    If I recall correctly, SBT indirectly uses an old version of apache commons httpclient (3.1) which doesn't respect the java system properties for specifying truststores by default.

    I can think of three potential solutions:

    1. Use a proxy repository like artifactory so SBT can only has to connect to the proxy and the proxy can take care of https outwards via the corporate proxy.

    2. Install the corporate issuing certificate into the default truststore for the JVM (usually %JDK_HOME%/jre/lib/security/cacerts). You would have to do this each time you run a new JRE.

    3. Try using coursier. It's a plugin for SBT which provides a different way of fetching dependencies that does not go through apache httpclient. It uses an http library which I think should respect the java system properties for truststore. It's also much faster.

    0 讨论(0)
  • 自闭症患者
    2020-12-06 02:31

    So this happens when you are behind a proxy and we need the proxy server certificate to be added to the java truststore 

    cp $JAVA_HOME/jre/lib/security/cacerts <some accessible dir>/
# Get the certificate of the proxy server and store it in a file-proxy.pem
keytool -keystore cacerts -import -file proxy.pem -alias my_proxy
# Now we can invoke sbt with following config
sbt  "-Djavax.net.ssl.trustStore=/path/to/included/proxycert/cacerts" compile
    0 讨论(0)
 看不清?
提交回复
热议问题