Gradle with self-signed certificate

Continuing the discussion from How do I use an HTTPS resolver with a self-signed certificate?:

Is there any way to tell gradle, here is my certificate and use it in order to reach my artifactory?

There are solutions that insert the certificate into the system or into Java Security.
But I wanted a better solution that does not require any setup on the user's side after cloning my repository.

Solution : 1 (Working)

    task signJars(type: GradleBuild) {
        new File('build/signed').mkdirs()

        fileTree('build/unsigned').each { File file ->
            ant.signjar(destDir: 'build/signed', jar: file, alias: "test", keystore: "testkeystore", storepass: "xxxxxxxxx", preservelastmodified: "true")
        }
    }

Keep the jars that need self-signing in “build/unsigned” using another task, or refer to the library files directly.

One bug in the above task:

If you run the above task without type: GradleBuild after cleaning the build, the build/signed directory will not be created.

Solution : 2

The code below will work without cleaning the build. If the build is cleaned, it won't work.

    task signJars {
        new File('build/signed').mkdirs()

        fileTree('build/unsigned').each { File file ->
            ant.signjar(destDir: 'build/signed', jar: file, alias: "test", keystore: "testkeystore", storepass: "xxxxxxxxx", preservelastmodified: "true")
        }
    }

I think you misunderstood me.
I mean not signing JARs but resolving a dependency that resides in an Artifactory that has a self-signed SSL certificate.

Okay. Thanks for your feedback.

I created a new java keystore, which I check in with my gradlew script. Then in my gradlew and gradlew.bat files I include

DEFAULT_JVM_OPTS="-Djavax.net.ssl.trustStore=${APP_HOME}/gradle.keystore -Djavax.net.ssl.trustStorePassword=<your_password>"

It does mean my keystore can get out of date, but it’s easy enough to update.

1 Like

Thank you @aflat!

That solved my problem.
I added that flag in gradle properties and since then it works as expected.

  1. Exported certificates
  2. Copied default ca file from Java/Security
  3. Added Certificates in ca file
  4. Copied ca file in Project
  5. Added DEFAULT_JVM_OPTS

It works!

Hello there! Is there any tutorial that you followed to do these steps? Or could you please show me how to do each step?

Thanks!!

No, unfortunately I could not find any tutorial, but I solved it with lots of trial and error.
Here I will try to explain the steps in more detail.

  1. Export certificates of Your Artifactory
    Open your Artifactory in a browser and export its certificate (to get the certificate from the Chrome browser, open the console, move to the Security tab and click view certificates; after that you will be able to export it by dragging the certificate icon to the desktop).

  2. Copied default ca file from Java/Security
    Copy the keystore cacerts from /Library/Java/JavaVirtualMachines/jdk1.8.0_131.jdk/Contents/Home/jre/lib/security/ (note that this path will vary from machine to machine, depending on the Java version and other factors).

  3. Added Certificates in ca file
    Import exported certificate in cacerts using command
    keytool -import -alias yourartifactory.com -file exported_certificate.cer -keystore cacerts -storepass password

  4. Copied ca file in Project
    Place cacerts in project root directory.

  5. Added DEFAULT_JVM_OPTS
    Add jvm arguments
    org.gradle.jvmargs=-Djavax.net.ssl.trustStore="./cacerts" -Djavax.net.ssl.trustStorePassword=password
    in gradle.properties file.

3 Likes
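An added example, not code from this thread: before the import in step 3, this Python check compares the exported certificate's SHA-256 fingerprint with a value obtained out-of-band, and only on a match returns the keytool command and gradle.properties line from steps 3 and 5. It assumes a PEM export; `normalize`, `sha256_fingerprint`, `import_plan`, the `<storepass>` placeholder and the sample bytes are illustrative names and constructed data.

```python
import hashlib
import ssl

# Constructed stand-in for the exported certificate: arbitrary bytes wrapped
# as PEM, not a real certificate. A real PEM export is handled the same way.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(bytes(range(96)))


def normalize(fp: str) -> str:
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex; return lowercase hex."""
    return fp.replace(":", "").replace(" ", "").strip().lower()


def sha256_fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes, the fingerprint certificate viewers show."""
    if pem.count("-----BEGIN CERTIFICATE-----") != 1:
        raise ValueError("expected exactly one certificate in the export")
    der = ssl.PEM_cert_to_DER_cert(pem.strip())
    return hashlib.sha256(der).hexdigest()


def import_plan(pem, pinned_fp, alias, cert_file, storepass):
    """Return (keytool argv, gradle.properties line); refuse on mismatch."""
    actual = sha256_fingerprint(pem)
    if actual != normalize(pinned_fp):
        raise ValueError(f"fingerprint mismatch, not importing: got {actual}")
    keytool = ["keytool", "-import", "-alias", alias, "-file", cert_file,
               "-keystore", "cacerts", "-storepass", storepass]
    props = ('org.gradle.jvmargs=-Djavax.net.ssl.trustStore="./cacerts" '
             f"-Djavax.net.ssl.trustStorePassword={storepass}")
    return keytool, props


if __name__ == "__main__":
    # In practice the pinned value comes from the Artifactory administrator,
    # not from the same connection the certificate was exported over.
    pinned = sha256_fingerprint(SAMPLE_PEM).upper()  # constructed for the demo
    argv, line = import_plan(SAMPLE_PEM, pinned, "yourartifactory.com",
                             "exported_certificate.cer", "<storepass>")
    print(" ".join(argv))
    print(line)
```
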

The default Java cacerts password is changeit.
Tested with Oracle JDK 171.
The command in point 2 should be
keytool -import -alias yourartifactory.com -file exported_certificate.cer -keystore cacerts -storepass changeit

Thanks, this detailed description was very helpful!

We decided to create a plugin that removes the manual steps and increases portability across build machines.

1 Like

You saved my day, thank you very much!

This is amazing! Thank you so much! This made integrating sonarqube into my build (our Sonar server uses a self-signed cert) so much easier!

1 Like