Gradle 1.12 wrapper fails

|> gradlew clean Downloading https://services.gradle.org/distributions/gradle-1.12-bin.zip

Exception in thread “main” java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at org.gradle.wrapper.ExclusiveFileAccessManager.access(ExclusiveFileAccessManager.java:78)

at org.gradle.wrapper.Install.createDist(Install.java:44)

at org.gradle.wrapper.WrapperExecutor.execute(WrapperExecutor.java:126)

at org.gradle.wrapper.GradleWrapperMain.main(GradleWrapperMain.java:55) Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1917)

at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:301)

at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:295)

at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1369)

at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:156)

at sun.security.ssl.Handshaker.processLoop(Handshaker.java:925)

at sun.security.ssl.Handshaker.process_record(Handshaker.java:860)

at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1043)

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1343)

at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1371)

at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)

at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)

at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)

at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1511)

at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1439)

at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)

at org.gradle.wrapper.Download.downloadInternal(Download.java:56)

at org.gradle.wrapper.Download.download(Download.java:42)

at org.gradle.wrapper.Install$1.call(Install.java:57)

at org.gradle.wrapper.Install$1.call(Install.java:44)

at org.gradle.wrapper.ExclusiveFileAccessManager.access(ExclusiveFileAccessManager.java:65)

… 3 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)

at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)

at sun.security.validator.Validator.validate(Validator.java:260)

at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)

at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)

at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)

at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1351)

… 20 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)

at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)

at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)

at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)

… 26 more

Can we get some info on your OS & JDK please? For some reason you don’t have the DigiCert root in your env.

Debian Sid, Java 8u5.

This was a temporary problem with our infrastructure. Should be fixed now. Thanks for reporting.

I just tried again, 2014-05-02T07:06+01:00 and get the same problem.

Russel’s problem is different. His JDK install doesn’t have the DigiCert Root CA cert by the sounds of things.

We haven’t had any other similar reports, so I suspect the root keystore is different for that packaging.

Luke, I believe I am using the standard Oracle JDK8u5. I guess it should be easy to check if the certificates are in there? CAn you tell me what I should look for?

Can you provide the output of this please:

‘keytool -keystore “$JAVA_HOME\jre\lib\security\cacerts” -storepass changeit -list’

Luke,

You really need to use a proper operating system, \ is not a valid subdirectory separator.

|> keytool -keystore “$JAVA_HOME/jre/lib/security/cacerts” -storepass changeit -list

Keystore type: JKS Keystore provider: SUN

Your keystore contains 81 entries

digicertassuredidrootca, 16-Apr-2008, trustedCertEntry,

Certificate fingerprint (SHA1): 05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43 trustcenterclass2caii, 29-Apr-2008, trustedCertEntry,

Certificate fingerprint (SHA1): AE:50:83:ED:7C:F4:5C:BC:8F:61:C6:21:FE:68:5D:79:42:21:15:6E thawtepremiumserverca, 11-Dec-2009, trustedCertEntry,

Certificate fingerprint (SHA1): E0:AB:05:94:20:72:54:93:05:60:62:02:36:70:F7:CD:2E:FC:66:66 swisssignplatinumg2ca, 31-Oct-2008, trustedCertEntry,

Certificate fingerprint (SHA1): 56:E0:FA:C0:3B:8F:18:23:55:18:E5:D3:11:CA:E8:C2:43:31:AB:66 swisssignsilverg2ca, 31-Oct-2008, trustedCertEntry,

Certificate fingerprint (SHA1): 9B:AA:E5:9F:56:EE:21:CB:43:5A:BE:25:93:DF:A7:F0:40:D1:1D:CB thawteserverca, 11-Dec-2009, trustedCertEntry,

Certificate fingerprint (SHA1): 9F:AD:91:A6:CE:6A:C6:C5:00:47:C4:4E:C9:D4:A5:0D:92:D8:49:79 equifaxsecureebusinessca1, 18-Jul-2003, trustedCertEntry,

Certificate fingerprint (SHA1): DA:40:18:8B:91:89:A3:ED:EE:AE:DA:97:FE:2F:9D:F5:B7:D1:8A:41 utnuserfirstclientauthemailca, 02-May-2006, trustedCertEntry,

Certificate fingerprint (SHA1): B1:72:B1:A5:6D:95:F9:1F:E5:02:87:E1:4D:37:EA:6A:44:63:76:8A thawtepersonalfreemailca, 11-Dec-2009, trustedCertEntry,

Certificate fingerprint (SHA1): E6:18:83:AE:84:CA:C1:C1:CD:52:AD:E8:E9:25:2B:45:A6:4F:B7:E2 entrustevca, 23-Apr-2010, trustedCertEntry,

Certificate fingerprint (SHA1): B3:1E:B1:B7:40:E3:6C:84:02:DA:DC:37:D4:4D:F5:D4:67:49:52:F9 utnuserfirsthardwareca, 02-May-2006, trustedCertEntry,

Certificate fingerprint (SHA1): 04:83:ED:33:99:AC:36:08:05:87:22:ED:BC:5E:46:00:E3:BE:F9:D7 certumca, 23-Apr-2010, trustedCertEntry,

Certificate fingerprint (SHA1): 62:52:DC:40:F7:11:43:A2:2F:DE:9E:F7:34:8E:06:42:51:B1:81:18 addtrustclass1ca, 02-May-2006, trustedCertEntry,

Certificate fingerprint (SHA1): CC:AB:0E:A0:4C:23:01:D6:69:7B:DD:37:9F:CD:12:EB:24:E3:94:9D entrustrootcag2, 22-Jun-2010, trustedCertEntry,

Certificate fingerprint (SHA1): 8C:F4:27:FD:79:0C:3A:D1:66:06:8D:E8:1E:57:EF:BB:93:22:72:D4 equifaxsecureca, 18-Jul-2003, trustedCertEntry,

Certificate fingerprint (SHA1): D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A quovadisrootca3, 23-Apr-2010, trustedCertEntry,

Certificate fingerprint (SHA1): 1F:49:14:F7:D8:74:95:1D:DD:AE:02:C0:BE:FD:3A:2D:82:75:51:85 quovadisrootca2, 23-Apr-2010, trustedCertEntry,

Certificate fingerprint (SHA1): CA:3A:FB:CF:12:40:36:4B:44:B2:16:20:88:80:48:39:19:93:7C:F7 digicerthighassuranceevrootca, 16-Apr-2008, trustedCertEntry,

Certificate fingerprint (SHA1): 5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25 secomvalicertclass1ca, 02-Jun-2008, trustedCertEntry,

Certificate fingerprint (SHA1): E5:DF:74:3C:B6:01:C4:9B:98:43:DC:AB:8C:E8:6A:81:10:9F:E4:8E equifaxsecureglobalebusinessca1, 18-Jul-2003, trustedCertEntry,

Certificate fingerprint (SHA1): 7E:78:4A:10:1C:82:65:CC:2D:E1:F1:6D:47:B4:40:CA:D9:0A:19:45 geotrustuniversalca, 10-Dec-2009, trustedCertEntry,

Certificate fingerprint (SHA1): E6:21:F3:35:43:79:05:9A:4B:68:30:9D:8A:2F:74:22:15:87:EC:79 verisignclass3ca, 11-Dec-2009, trustedCertEntry,

Certificate fingerprint (SHA1): A1:DB:63:93:91:6F:17:E4:18:55:09:40:04:15:C7:02:40:B0:AE:6B thawteprimaryrootcag3, 10-Dec-2009, trustedCertEntry,

Certificate fingerprint (SHA1): F1:8B:53:8D:1B:E9:03:B6:A6:F0:56:43:5B:17:15:89:CA:F3:6B:F2 thawteprimaryrootcag2, 10-Dec-2009, trustedCertEntry,

Certificate fingerprint (SHA1): AA:DB:BC:22:23:8F:C4:01:A1:27:BB:38:DD:F4:1D:DB:08:9E:F0:12 deutschetelekomrootca2, 14-Nov-2008, trustedCertEntry,

Certificate fingerprint (SHA1): 85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF buypassclass3ca, 06-Jan-2014, trustedCertEntry,

Certificate fingerprint (SHA1): DA:FA:F7:FA:66:84:EC:06:8F:14:50:BD:C7:C2:81:A5:BC:A9:64:57 utnuserfirstobjectca, 02-May-2006, trustedCertEntry,

Certificate fingerprint (SHA1): E1:2D:FB:4B:41:D7:D9:C3:2B:30:51:4B:AC:1D:81:D8:38:5E:2D:46 geotrustprimaryca, 10-Dec-2009, trustedCertEntry,

Certificate fingerprint (SHA1): 32:3C:11:8E:1B:F7:B8:B6:52:54:E2:E2:10:0D:D6:02:90:37:F0:96 buypassclass2ca, 06-Jan-2014, trustedCertEntry,

Certificate fingerprint (SHA1): 49:0A:75:74:DE:87:0A:47:FE:58:EE:F6:C7:6B:EB:C6:0B:12:40:99 baltimorecodesigningca, 10-May-2002, trustedCertEntry,

Certificate fingerprint (SHA1): 30:46:D8:C8:88:FF:69:30:C3:4A:FC:CD:49:27:08:7C:60:56:7B:0D verisignclass1ca, 11-Dec-2009, trustedCertEntry,

Certificate fingerprint (SHA1): CE:6A:64:A3:09:E4:2F:BB:D9:85:1C:45:3E:64:09:EA:E8:7D:60:F1 baltimorecybertrustca, 10-May-2002, trustedCertEntry,

Certificate fingerprint (SHA1): D4:DE:20:D0:5E:66:FC:53:FE:1A:50:88:2C:78:DB:28:52:CA:E4:74 starfieldclass2ca, 20-Jan-2005, trustedCertEntry,

Certificate fingerprint (SHA1): AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A camerfirmachamberscommerceca, 31-Oct-2008, trustedCertEntry,

Certificate fingerprint (SHA1): 6E:3A:55:A4:19:0C:19:5C:93:84:3C:C0:DB:72:2E:31:30:61:F0:B1 ttelesecglobalrootclass3ca, 23-Apr-2010, trustedCertEntry,

Certificate fingerprint (SHA1): 55:A6:72:3E:CB:F2:EC:CD:C3:23:74:70:19:9D:2A:BE:11:E3:81:D1 verisignclass3g5ca, 10-Dec-2009, trustedCertEntry,

Certificate fingerprint (SHA1): 4E:B6:D5:78:49:9B:1C:CF:5F:58:1E:AD:56:BE:3D:9B:67:44:A5:E5 ttelesecglobalrootclass2ca, 23-Apr-2010, trustedCertEntry,

Certificate fingerprint (SHA1): 59:0D:2D:7D:88:4F:40:2E:61:7E:A5:62:32:17:65:CF:17:D8:94:E9 trustcenteruniversalcai, 29-Apr-2008, trustedCertEntry,

Certificate fingerprint (SHA1): 6B:2F:34:AD:89:58:BE:62:FD:B0:6B:5C:CE:BB:9D:D9:4F:4E:39:F3 verisignclass3g4ca, 10-Dec-2009, trustedCertEntry,

Certificate fingerprint (SHA1): 22:D5:D8:DF:8F:02:31:D1:8D:F7:9D:B7:CF:8A:2D:64:C9:3F:6C:3A verisignclass3g3ca, 25-Mar-2004, trustedCertEntry,

Certificate fingerprint (SHA1): 13:2D:0D:45:53:4B:69:97:CD:B2:D5:C3:39:E2:55:76:60:9B:5C:C6 certplusclass3pprimaryca, 23-Apr-2010, trustedCertEntry,

Certificate fingerprint (SHA1): 21:6B:2A:29:E6:2A:00:CE:82:01:46:D8:24:41:41:B9:25:11:B2:79 certumtrustednetworkca, 23-Apr-2010, trustedCertEntry,

Certificate fingerprint (SHA1): 07:E0:32:E0:20:B7:2C:3F:19:2F:06:28:A2:59:3A:19:A7:0F:06:9E verisignclass3g2ca, 25-Mar-2004, trustedCertEntry,

Certificate fingerprint (SHA1): 85:37:1C:A6:E5:50:14:3D:CE:28:03:47:1B:DE:3A:09:E8:F8:77:0F globalsignr3ca, 23-Apr-2010, trustedCertEntry,

Certificate fingerprint (SHA1): D6:9B:56:11:48:F0:1C:77:C5:45:78:C1:09:26:DF:5B:85:69:76:AD utndatacorpsgcca, 02-May-2006, trustedCertEntry,

Certificate fingerprint (SHA1): 58:11:9F:0E:12:82:87:EA:50:FD:D9:87:45:6F:4F:78:DC:FA:D6:D4 secomscrootca2, 23-Apr-2010, trustedCertEntry,

Certificate fingerprint (SHA1): 5F:3B:8C:F2:F8:10:B3:7D:78:B4:CE:EC:19:19:C3:73:34:B9:C7:74 gtecybertrustglobalca, 10-May-2002, trustedCertEntry,

Certificate fingerprint (SHA1): 97:81:79:50:D8:1C:96:70:CC:34:D8:09:CF:79:44:31:36:7E:F4:74 secomscrootca1, 02-Jun-2008, trustedCertEntry,

Certificate fingerprint (SHA1): 36:B1:2B:49:F9:81:9E:D7:4C:9E:BC:38:0F:C6:56:8F:5D:AC:B2:F7 trustcenterclass4caii, 29-Apr-2008, trustedCertEntry,

Certificate fingerprint (SHA1): A6:9A:91:FD:05:7F:13:6A:42:63:0B:B1:76:0D:2D:51:12:0C:16:50 verisignuniversalrootca, 10-Dec-2009, trustedCertEntry,

Certificate fingerprint (SHA1): 36:79:CA:35:66:87:72:30:4D:30:A5:FB:87:3B:0F:A7:7B:B7:0D:54 globalsignr2ca, 02-Aug-2007, trustedCertEntry,

Certificate fingerprint (SHA1): 75:E0:AB:B6:13:85:12:27:1C:04:F8:5F:DD:DE:38:E4:B7:24:2E:FE certplusclass2primaryca, 23-Apr-2010, trustedCertEntry,

Certificate fingerprint (SHA1): 74:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB digicertglobalrootca, 16-Apr-2008, trustedCertEntry,

Certificate fingerprint (SHA1): A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36 globalsignca, 19-Mar-2008, trustedCertEntry,

Certificate fingerprint (SHA1): B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C thawteprimaryrootca, 10-Dec-2009, trustedCertEntry,

Certificate fingerprint (SHA1): 91:C6:D6:EE:3E:8A:C8:63:84:E5:48:C2:99:29:5C:75:6C:81:7B:81 geotrustglobalca, 18-Jul-2003, trustedCertEntry,

Certificate fingerprint (SHA1): DE:28:F4:A4:FF:E5:B9:2F:A3:C5:03:D1:A3:49:A7:F9:96:2A:82:12 soneraclass2ca, 28-Mar-2006, trustedCertEntry,

Certificate fingerprint (SHA1): 37:F7:6D:E6:07:7C:90:C5:B1:3E:93:1A:B7:41:10:B4:F2:E4:9A:27 verisigntsaca, 31-Oct-2008, trustedCertEntry,

Certificate fingerprint (SHA1): BE:36:A4:56:2F:B2:EE:05:DB:B3:D3:23:23:AD:F4:45:08:4E:D6:56 soneraclass1ca, 28-Mar-2006, trustedCertEntry,

Certificate fingerprint (SHA1): 07:47:22:01:99:CE:74:B9:7C:B0:3D:79:B2:64:A2:C8:55:E9:33:FF quovadisrootca, 23-Apr-2010, trustedCertEntry,

Certificate fingerprint (SHA1): DE:3F:40:BD:50:93:D3:9B:6C:60:F6:DA:BC:07:62:01:00:89:76:C9 valicertclass2ca, 20-Jan-2005, trustedCertEntry,

Certificate fingerprint (SHA1): 31:7A:2A:D0:7F:2B:33:5E:F5:A1:C3:4E:4B:57:E8:B7:D8:F1:FC:A6 comodoaaaca, 02-May-2006, trustedCertEntry,

Certificate fingerprint (SHA1): D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49 addtrustqualifiedca, 02-May-2006, trustedCertEntry,

Certificate fingerprint (SHA1): 4D:23:78:EC:91:95:39:B5:00:7F:75:8F:03:3B:21:1E:C5:4D:8B:CF keynectisrootca, 23-Apr-2010, trustedCertEntry,

Certificate fingerprint (SHA1): 9C:61:5C:4D:4D:85:10:3A:53:26:C2:4D:BA:EA:E4:A2:D2:D5:CC:97 aolrootca2, 19-Mar-2008, trustedCertEntry,

Certificate fingerprint (SHA1): 85:B5:FF:67:9B:0C:79:96:1F:C8:6E:44:22:00:46:13:DB:17:92:84 addtrustexternalca, 02-May-2006, trustedCertEntry,

Certificate fingerprint (SHA1): 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68 verisignclass2g3ca, 25-Mar-2004, trustedCertEntry,

Certificate fingerprint (SHA1): 61:EF:43:D7:7F:CA:D4:61:51:BC:98:E0:C3:59:12:AF:9F:EB:63:11 aolrootca1, 19-Mar-2008, trustedCertEntry,

Certificate fingerprint (SHA1): 39:21:C1:15:C1:5D:0E:CA:5C:CB:5B:C4:F0:7D:21:D8:05:0B:56:6A verisignclass2g2ca, 25-Mar-2004, trustedCertEntry,

Certificate fingerprint (SHA1): B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D geotrustprimarycag3, 10-Dec-2009, trustedCertEntry,

Certificate fingerprint (SHA1): 03:9E:ED:B8:0B:E7:A0:3C:69:53:89:3B:20:D2:D9:32:3A:4C:2A:FD geotrustprimarycag2, 10-Dec-2009, trustedCertEntry,

Certificate fingerprint (SHA1): 8D:17:84:D5:37:F3:03:7D:EC:70:FE:57:8B:51:9A:99:E6:10:D7:B0 swisssigngoldg2ca, 31-Oct-2008, trustedCertEntry,

Certificate fingerprint (SHA1): D8:C5:38:8A:B7:30:1B:1B:6E:D4:7A:E6:45:25:3A:6F:9F:1A:27:61 entrust2048ca, 22-Jun-2010, trustedCertEntry,

Certificate fingerprint (SHA1): 50:30:06:09:1D:97:D4:F5:AE:39:F7:CB:E7:92:7D:7D:65:2D:34:31 chunghwaepkirootca, 14-Jan-2014, trustedCertEntry,

Certificate fingerprint (SHA1): 67:65:0D:F1:7E:8E:7E:5B:82:40:A4:F4:56:4B:CF:E2:3D:69:C6:F0 camerfirmachambersignca, 31-Oct-2008, trustedCertEntry,

Certificate fingerprint (SHA1): 4A:BD:EE:EC:95:0D:35:9C:89:AE:C7:52:A1:2C:5B:29:F6:D6:AA:0C camerfirmachambersca, 31-Oct-2008, trustedCertEntry,

Certificate fingerprint (SHA1): 78:6A:74:AC:76:AB:14:7F:9C:6A:30:50:BA:9E:A8:7E:FE:9A:CE:3C entrustsslca, 09-Jan-2003, trustedCertEntry,

Certificate fingerprint (SHA1): 99:A6:9B:E6:1A:FE:88:6B:4D:2B:82:00:7C:B8:54:FC:31:7E:15:39 godaddyclass2ca, 20-Jan-2005, trustedCertEntry,

Certificate fingerprint (SHA1): 27:96:BA:E6:3F:18:01:E2:77:26:1B:A0:D7:77:70:02:8F:20:EE:E4 verisignclass1g3ca, 25-Mar-2004, trustedCertEntry,

Certificate fingerprint (SHA1): 20:42:85:DC:F7:EB:76:41:95:57:8E:13:6B:D4:B7:D1:E9:8E:46:A5 secomevrootca1, 02-Jun-2008, trustedCertEntry,

Certificate fingerprint (SHA1): FE:B8:C4:32:DC:F9:76:9A:CE:AE:3D:D8:90:8F:FD:28:86:65:64:7D verisignclass1g2ca, 25-Mar-2004, trustedCertEntry,

Certificate fingerprint (SHA1): 27:3E:E1:24:57:FD:C4:F9:0C:55:E8:2B:56:16:7F:62:F5:32:E5:47

Copy/paste error re the 's.

So the cert in question is the very first one listed. This leads me to believe that there’s some custom config on your machine that is changing the JVM to use a different set of CA certs.

Might be worth running a build that outputs ‘System.getProperties()’. Please paste that here, but do a pass to make sure there’s nothing sensitive in there first.

Luke,

Given that direction, I find javax.net.ssl.keyStore has a value ~/.keystore, ditto javax.net.ssl.trustStore, which must come from doing some fiddling with Hibernate 3 or 4 years ago. The question is where is this being set, and why is Gradle/JVM then not looking in the default key store.

So I think we have the problem: you were quite right, my local settings are the problem. However this is bound to be a similar problem for anyone who has used the keytool command without specifying a file.

{jna.platform.library.path=/lib64, java.runtime.name=Java™ SE Runtime Environment, java.vm.version=25.5-b02, sun.boot.library.path=/home/users/russel/lib.Linux.x86_64/jdk1.8.0_05/jre/lib/amd64, java.vm.vendor=Oracle Corporation, java.vendor.url=http://java.oracle.com/, path.separator=:, java.vm.name=Java HotSpot™ 64-Bit Server VM, file.encoding.pkg=sun.io, sun.os.patch.level=unknown, user.country=GB, sun.java.launcher=SUN_STANDARD, java.vm.specification.name=Java Virtual Machine Specification, user.dir=/home/users/russel/Progs/Applications/Factorial/Java, java.runtime.version=1.8.0_05-b13, java.awt.graphicsenv=sun.awt.X11GraphicsEnvironment, os.arch=amd64, java.endorsed.dirs=/home/users/russel/lib.Linux.x86_64/jdk1.8.0_05/jre/lib/endorsed, java.io.tmpdir=/tmp, line.separator= , org.gradle.appname=gradle, java.vm.specification.vendor=Oracle Corporation, javax.net.ssl.keyStore=/home/users/russel/.keystore, os.name=Linux, jna.boot.library.path=/home/users/russel/.gradle/native/jna/linux-amd64, javax.net.ssl.keyStorePassword=XXXXXX, sun.jnu.encoding=UTF-8, java.library.path=/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib, javax.net.ssl.trustStore=/home/users/russel/.keystore, java.class.version=52.0, java.specification.name=Java Platform API Specification, sun.management.compiler=HotSpot 64-Bit Tiered Compilers, os.version=3.14-1-amd64, user.home=/home/users/russel, user.timezone=Europe/London, java.awt.printerjob=sun.print.PSPrinterJob, file.encoding=UTF-8, java.specification.version=1.8, user.name=russel, java.class.path=/home/users/russel/.gvm/gradle/1.12/lib/gradle-launcher-1.12.jar, java.vm.specification.version=1.8, sun.arch.data.model=64, sun.java.command=org.gradle.launcher.GradleMain output, java.home=/home/users/russel/lib.Linux.x86_64/jdk1.8.0_05/jre, user.language=en, java.specification.vendor=Oracle Corporation, awt.toolkit=sun.awt.X11.XToolkit, java.vm.info=mixed mode, java.version=1.8.0_05, java.ext.dirs=/home/users/russel/lib.Linux.x86_64/jdk1.8.0_05/jre/lib/ext:/usr/java/packages/lib/ext, sun.boot.class.path=/home/users/russel/lib.Linux.x86_64/jdk1.8.0_05/jre/lib/resources.jar:/home/users/russel/lib.Linux.x86_64/jdk1.8.0_05/jre/lib/rt.jar:/home/users/russel/lib.Linux.x86_64/jdk1.8.0_05/jre/lib/sunrsasign.jar:/home/users/russel/lib.Linux.x86_64/jdk1.8.0_05/jre/lib/jsse.jar:/home/users/russel/lib.Linux.x86_64/jdk1.8.0_05/jre/lib/jce.jar:/home/users/russel/lib.Linux.x86_64/jdk1.8.0_05/jre/lib/charsets.jar:/home/users/russel/lib.Linux.x86_64/jdk1.8.0_05/jre/lib/jfr.jar:/home/users/russel/lib.Linux.x86_64/jdk1.8.0_05/jre/classes, java.vendor=Oracle Corporation, file.separator=/, java.vendor.url.bug=http://bugreport.sun.com/bugreport/, sun.io.unicode.encoding=UnicodeLittle, sun.cpu.endian=little, javax.net.ssl.trustStorePassword=XXXXXX, sun.desktop=gnome, sun.cpu.isalist=}

I have to admit I am now a bit concerned about the java.library.path setting.

Yes, javax.net.ssl.trustStore is the problem. You need to not use a custom trust store or put the DigiCert CA cert in your custom trust store.

The real question of the moment is how to not have the custom store, I deleted it and Java still tried to use it

I’d check your shell init scripts to see if something is setting the JAVA_OPTS env var.

'Fraid not, I tried all that. keytool always defaults to ~/.keystore. I have no idea though where JVM gets it’s default from, there must be a key set in a file somewhere. But where?

I’m not sure sorry. The only other place Gradle will look is ~/.gradle/gradle.properties

I’ll hunt it out and report back.

I removed all the ~/.java stuff and the next JVM run created a new preferences set up. Things are now working.

In the end very simple fix, not a Gradle problem.