Nexus behind SSL - not allowing connection
Hafer, Christopher G
| This message was sent securely by MUSC |
I have Nexus 3.5.0 working behind Nginx (proxy_pass http://localhost:8081) on Ubuntu 16.04 LTS.
· When trying to publish a Talend Job to the Nexus Repository using the 8081 port, it publishes it fine.
· When trying to publish to the HTTPS URL, it fails with the Handshake error: …. Bunch of other stuff… [Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target…etc…]
I believe the issue is the SSL Cert is not in the Java keystore, thus not being trusted. I have added the cert to the main java “cacerts” keystore on the Nexus system but I still get the error.
The question I have is “which” keystore does the cert need to be added to; local computer’s java keystore (job publishing is “from” local machine’s Talend Studio), to the main java’s keystore (cacerts) on Nexus system, or the Maven keystore used by Nexus?
Thank you,
Christopher G. Hafer
MUSC Information Solutions
System Analyst II | Administrative & Financial Applications
Medical University of South Carolina
ha...@musc.edu | Ph: 843-209-3315
"Harnessing the power of information to improve the lives we touch"
-------------------------------------------------------------------------
This message was secured via TLS by MUSC.
Rich Seddon
--
You received this message because you are subscribed to the Google Groups "Nexus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nexus-users+unsubscribe@glists.sonatype.com.
To post to this group, send email to nexus...@glists.sonatype.com.
To view this discussion on the web visit https://groups.google.com/a/glists.sonatype.com/d/msgid/nexus-users/A35D3E6883C8144BA8C3B5485183C3C069D0D862%40exg-mb10b.clinlan.local.
For more options, visit https://groups.google.com/a/glists.sonatype.com/d/optout.
Hafer, Christopher G
Never mind, the host and intermediate SSL Certs were not bundled for the Nginx config causing the PKIX break (broken SSL cert chain).
Thank you,
Christopher G. Hafer
MUSC Information Solutions
System Analyst II | Administrative & Financial Applications
Medical University of South Carolina
ha...@musc.edu | Ph: 843-209-3315
"Harnessing the power of information to improve the lives we touch"
From: Hafer, Christopher G
Sent: Friday, August 25, 2017 2:03 PM
To: Nexus Users <nexus...@glists.sonatype.com>
Subject: Nexus behind SSL - not allowing connection
I have Nexus 3.5.0 working behind Nginx (proxy_pass http://localhost:8081) on Ubuntu 16.04 LTS.
· When trying to publish a Talend Job to the Nexus Repository using the 8081 port, it publishes it fine.
· When trying to publish to the HTTPS URL, it fails with the Handshake error: …. Bunch of other stuff… [Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target…etc…]
I believe the issue is the SSL Cert is not in the Java keystore, thus not being trusted. I have added the cert to the main java “cacerts” keystore on the Nexus system but I still get the error.
The question I have is “which” keystore does the cert need to be added to; local computer’s java keystore (job publishing is “from” local machine’s Talend Studio), to the main java’s keystore (cacerts) on Nexus system, or the Maven keystore used by Nexus?
Thank you,
Christopher G. Hafer
MUSC Information Solutions
System Analyst II | Administrative & Financial Applications
Medical University of South Carolina
ha...@musc.edu | Ph: 843-209-3315
"Harnessing the power of information to improve the lives we touch"