"peer not authenticated" 与使用 Letsencrypt SSL 保护的网站交谈时(在 JDK7 上)

"peer not authenticated" when talking to websites secured with Letsencrypt SSL (on JDK7)

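I am trying to run a simple grails config command, which under the hood retrieves some pom/jar/zip files from the Internet to configure my project.

But for one of the packages, this is the error I get (I had to add the --stacktrace switch for this error to be shown):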

| Error Resolve error obtaining dependencies: Failed to read artifact descriptor for org.grails.plugins:smart-r:zip:16.2-STABLE (NOTE: Stack trace has been filtered. Use --verbose to see entire trace.)
org.eclipse.aether.resolution.ArtifactDescriptorException: Failed to read artifact descriptor for org.grails.plugins:smart-r:zip:16.2-STABLE
        at org.apache.maven.repository.internal.DefaultArtifactDescriptorReader.loadPom(DefaultArtifactDescriptorReader.java:335)
        at org.apache.maven.repository.internal.DefaultArtifactDescriptorReader.readArtifactDescriptor(DefaultArtifactDescriptorReader.java:217)
        at org.eclipse.aether.internal.impl.DefaultDependencyCollector.process(DefaultDependencyCollector.java:466)
        at org.eclipse.aether.internal.impl.DefaultDependencyCollector.collectDependencies(DefaultDependencyCollector.java:261)
        at org.eclipse.aether.internal.impl.DefaultRepositorySystem.collectDependencies(DefaultRepositorySystem.java:317)
        at grails.util.BuildSettings.doResolve(BuildSettings.groovy:513)
        at grails.util.BuildSettings$_getDefaultProvidedDependencies_closure16.doCall(BuildSettings.groovy:661)
        at grails.util.BuildSettings$_getDefaultProvidedDependencies_closure16.doCall(BuildSettings.groovy)
        at grails.util.BuildSettings.getDefaultProvidedDependencies(BuildSettings.groovy:655)
        at grails.util.BuildSettings.getProvidedDependencies(BuildSettings.groovy:637)
Caused by: org.eclipse.aether.resolution.ArtifactResolutionException: Could not transfer artifact org.grails.plugins:smart-r:pom:16.2-STABLE from/to repo_transmartfoundation_org_content_repositories_public_ (https://repo.transmartfoundation.org/content/repositories/public/): peer not authenticated
        at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolve(DefaultArtifactResolver.java:460)
        at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolveArtifacts(DefaultArtifactResolver.java:262)
        at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolveArtifact(DefaultArtifactResolver.java:239)
        at org.apache.maven.repository.internal.DefaultArtifactDescriptorReader.loadPom(DefaultArtifactDescriptorReader.java:320)
        ... 9 more
Caused by: org.eclipse.aether.transfer.ArtifactTransferException: Could not transfer artifact org.grails.plugins:smart-r:pom:16.2-STABLE from/to repo_transmartfoundation_org_content_repositories_public_ (https://repo.transmartfoundation.org/content/repositories/public/): peer not authenticated
        at org.eclipse.aether.connector.basic.ArtifactTransportListener.transferFailed(ArtifactTransportListener.java:43)
        at org.eclipse.aether.connector.basic.BasicRepositoryConnector$TaskRunner.run(BasicRepositoryConnector.java:342)
        at org.eclipse.aether.util.concurrency.RunnableErrorForwarder.run(RunnableErrorForwarder.java:67)
        at org.eclipse.aether.connector.basic.BasicRepositoryConnector$DirectExecutor.execute(BasicRepositoryConnector.java:649)
        at org.eclipse.aether.connector.basic.BasicRepositoryConnector.get(BasicRepositoryConnector.java:247)
        at org.eclipse.aether.internal.impl.DefaultArtifactResolver.performDownloads(DefaultArtifactResolver.java:536)
        at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolve(DefaultArtifactResolver.java:437)
        ... 12 more
Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
        at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126)
        at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:493)
        at org.apache.http.impl.conn.DefaultClientConnectionOperator.updateSecureConnection(DefaultClientConnectionOperator.java:232)
        at org.apache.http.impl.conn.ManagedClientConnectionImpl.layerProtocol(ManagedClientConnectionImpl.java:401)
        at org.apache.http.impl.client.DefaultRequestDirector.establishRoute(DefaultRequestDirector.java:840)
        at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:647)
        at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
        at org.apache.http.impl.client.DecompressingHttpClient.execute(DecompressingHttpClient.java:137)
        at org.eclipse.aether.transport.http.HttpTransporter.execute(HttpTransporter.java:294)
        at org.eclipse.aether.transport.http.HttpTransporter.implGet(HttpTransporter.java:250)
        at org.eclipse.aether.spi.connector.transport.AbstractTransporter.get(AbstractTransporter.java:59)
        at org.eclipse.aether.connector.basic.BasicRepositoryConnector$GetTaskRunner.runTask(BasicRepositoryConnector.java:418)
        at org.eclipse.aether.connector.basic.BasicRepositoryConnector$TaskRunner.run(BasicRepositoryConnector.java:337)
        ... 17 more

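The "https://repo.transmartfoundation.org/content/repositories/public/" website is configured to use a Letsencrypt SSL certificate.

I am using JDK 7u80-windows-x64.

As stated on the Letsencrypt forum, JDK 7 does not trust the Let's Encrypt root certificate.

However, Java 7 >= 7u111 and Java 8 >= 8u101 are said to include such a root certificate, in which case the following procedure is no longer needed.

So, as written in the given script, one should download https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der and import it locally into <JAVA_HOME>/jre/lib/security/cacerts.

Before this procedure, don't forget to back up the cacerts file, just in case.

These are the commands on Windows: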

keytool -delete -alias letsencryptauthorityx3 -keystore "%JAVA_HOME%\jre\lib\security\cacerts" -storepass changeit
keytool -trustcacerts -keystore "%JAVA_HOME%\jre\lib\security\cacerts" -storepass changeit -noprompt -importcert -alias letsencryptauthorityx3 -file lets-encrypt-x3-cross-signed.der

And the commands on Linux:

keytool -delete -alias letsencryptauthorityx3 -keystore "$JAVA_HOME/jre/lib/security/cacerts" -storepass changeit
keytool -trustcacerts -keystore "$JAVA_HOME/jre/lib/security/cacerts" -storepass changeit -noprompt -importcert -alias letsencryptauthorityx3 -file lets-encrypt-x3-cross-signed.der

(Also inspired by a similar, but not identical, question.)
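
Added example, not part of the original post: the Linux import above as a POSIX shell script that first checks the JDK version against the 7u111 / 8u101 thresholds, refuses to modify cacerts unless the downloaded file's SHA-256 matches a fingerprint the operator obtained from a separate trusted source, and backs up cacerts before importing. The function names and the `--apply` switch are hypothetical; the alias, paths and store password are the ones used in the commands above.

```sh
#!/bin/sh
# Added example (not from the original post). Alias, paths and store password
# are the ones used on the page; the expected fingerprint is supplied by the
# operator from a source other than the download itself.

# needs_le_import VERSION: 0 = import needed, 1 = JDK already ships the root,
# 2 = version not covered by the page (only Java 7 and 8 thresholds are given).
needs_le_import() {
    case $1 in
        1.7.*) min=111 ;;
        1.8.*) min=101 ;;
        *) return 2 ;;
    esac
    case $1 in
        *_*) update=${1#*_}; update=${update%%[!0-9]*} ;;
        *)   update=0 ;;
    esac
    [ "${update:-0}" -lt "$min" ]
}

# cert_sha256 FILE: lowercase hex SHA-256 of the DER file (its fingerprint).
cert_sha256() {
    sha256sum "$1" | cut -d' ' -f1
}

# import_le_x3 CERT EXPECTED_SHA256: refuse to touch cacerts on a mismatch.
import_le_x3() {
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    actual=$(cert_sha256 "$1")
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch, not importing: ${actual:-unreadable}" >&2
        return 1
    fi
    store="$JAVA_HOME/jre/lib/security/cacerts"
    cp -p "$store" "$store.bak.$(date +%Y%m%d%H%M%S)" || return 1
    keytool -delete -alias letsencryptauthorityx3 \
        -keystore "$store" -storepass changeit >/dev/null 2>&1
    keytool -trustcacerts -keystore "$store" -storepass changeit -noprompt \
        -importcert -alias letsencryptauthorityx3 -file "$1" || return 1
    keytool -list -alias letsencryptauthorityx3 -keystore "$store" -storepass changeit
}

# Usage: script --apply lets-encrypt-x3-cross-signed.der <expected-sha256>
if [ "${1:-}" = "--apply" ]; then
    ver=$(java -version 2>&1 | awk -F'"' 'NR==1 {print $2}')
    if needs_le_import "$ver"; then import_le_x3 "$2" "$3"; else
        echo "JDK $ver: no import performed" >&2
    fi
fi
```

The final `keytool -list` prints the stored entry's fingerprint, which can be compared against the expected value once more after the import.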