How do I use an HTTPS resolver with a self-signed certificate?


(Adrian Abraham) #1

I’m trying to use an authenticated HTTPS Ivy repository, and I’m getting the following error over and over: Checksum missing at https://SNIP/ivy-1.1.xml.sha1 due to: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I see from Google that this is because I haven’t imported this host’s certificate into my local certificate store. I’ve dealt with a similar issue in the past by overriding the trust manager to a “trust-all” implementation, but I don’t see an obvious way to do that with Ivy / Gradle.

What’s the easiest way to take care of this?


(Adrian Abraham) #2

Well, I ended up creating a keystore, including it with the build sources, and editing the wrapper script to use the included keystore. Is there a better way?


#3

At the moment, Gradle doesn’t provide any special functionality for bypassing the built-in trust manager implementation.

Probably the ideal solution is to install the missing certificate into you java keystore.

http://code.google.com/p/misc-utils/wiki/JavaHttpsUrl#Adding_the_certificate_that_is_not_accepted provides some details on how to do this.


Gradle with self-signed certificate