Execution failed for task ':compileJava' confluent.io

I am trying to build the sample How to build a User-Defined Function (UDF) to transform events using ksqlDB (confluent.io) and get the below error. I can go to those specific maven repo locations perfectly fine

Want to mention that I have no trouble in reaching to ‘https://packages.confluent.io/maven/io/confluent/ksql/ksql-udf/5.4.11/ksql-udf-5.4.11.pom’ in my web browser.

For refence this is the project that I am trying out ’ How to build a User-Defined Function (UDF) to transform events using ksqlDB (confluent.io)

Execution failed for task ':compileJava'.
> Could not resolve all files for configuration ':compileClasspath'.
   > Could not resolve io.confluent.ksql:ksql-udf:5.4.11.
     Required by:
         project :
      > Could not resolve io.confluent.ksql:ksql-udf:5.4.11.
         > Could not get resource 'https://packages.confluent.io/maven/io/confluent/ksql/ksql-udf/5.4.11/ksql-udf-5.4.11.pom'.
            > Could not GET 'https://packages.confluent.io/maven/io/confluent/ksql/ksql-udf/5.4.11/ksql-udf-5.4.11.pom'.
               > Got SSL handshake exception during request. It might be caused by SSL misconfiguration
                  > PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

There isn’t really anything Gradle specific here. The JVM is trying to validate the SSL certificate being presented when it opens the connection.

The root certificate being used for this URL should be in the Java cacerts already, as it is for the browser. However, if you’ve overwritten your cacerts to trust some internal certificates, or you have an outdated Java version you might not have it. Additionally, if you’re on a corporate network, a proxy could be interfering and providing it’s own self-signed certificate chain, which might be specifically trusted in the browser, but not Java.

Yes, you are correct. This is on the corporate network and believe that’s causing this behavior, have latest version of Java. How could i bypass this? any ideas

I have managed to resolve this issue by importing the confluent.io cert to the cacerts keystore using keystore Explorer.

  • Go to the website of the pom file and download the cert from the browser when you browse to that .pom file above (For the case above you would get confluent.io.crt)
  • Install keystore explorer and then invoke it as admin (On windows, otherwise file write will fail). ‘Open the CA Certificates KeyStore’ and then Tools/import as a trusted cert, save the file and your Gradle builds are good (You can also do this via the java keytool import as well)