Login/Register
How to tell Maven to disregard SSL errors (and trusting all certs)?
Asked Answered
Solved mavenssl-certificate
P

9

182

I frequently need to run "mvn" command :

mvn -f pom.xml clean install -Dmaven.test.skip=false --settings /Users/myhome/settings.xml -X -Djavax.net.ssl.trustStore=/Users/myhome/truststore.jks -Djavax.net.ssl.trustStoreType=JKS -Djavax.net.ssl.trustStorePassword=dummy -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol -U

As I need to integrate with various other domains, so currently every time I have to add their certificate to my truststore.jks to prevent SSL handshake errors.

Is there any way I can configure mvn to ignore SSL errors.

Plummet answered 21/1, 2014 at 8:28 Comment(0)
A
399

You can disable SSL certificate checking by adding one or more of these command line parameters:

  • -Dmaven.wagon.http.ssl.insecure=true - enable use of relaxed SSL check for user generated certificates.
  • -Dmaven.wagon.http.ssl.allowall=true - enable match of the server's X.509 certificate with hostname. If disabled, a browser like check will be used.
  • -Dmaven.wagon.http.ssl.ignore.validity.dates=true - ignore issues with certificate dates.
  • -Dmaven.resolver.transport=wagon - In Maven 3.9.0 and newer, they've switched to using Apache HttpClient 4 by default. You need to use this to switch back to wagon for the above flags to work.

Official documentation: http://maven.apache.org/wagon/wagon-providers/wagon-http/

Here's the oneliner for an easy copy-and-paste:

-Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true -Dmaven.wagon.http.ssl.ignore.validity.dates=true

Ajay Gautam suggested that you could also add the above to the ~/.mavenrc file as not to have to specify it every time at command line:

$ cat ~/.mavenrc 
MAVEN_OPTS="-Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true -Dmaven.wagon.http.ssl.ignore.validity.dates=true"
Adolf answered 21/1, 2014 at 18:49 Comment(14)
I have spring boot /maven project and I am using maven-jaxb2-plugin to generate sources of a webservice. but the certificate expired. So I tried running the maven generate sources with the above agruments in Eclipse. But I still get the error " timestamp check failed " any idea how to solve it in an eclipse / maven environment.Dagmar
The answer does not work for me. I am using maven 3.5.0 and the exceptions I received was PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Does wagon work with MAven 3.5.0?Corelli
Instead, I created a truststore jks and pointed maven to this jks file.Corelli
By Installing the Java Cryptography Extension (JCE) Unlimited Strength (for JDK7 | for JDK8) fix issue for me on maven 3.5.0Fp
Using netbeans 6.8 I added the options to the netbeans maven options under 'Global Execution Options' through the UI and I was able to download from repositories using https.Woodchopper
With Maven 3.3.9 this does not work. I had to use Richard's answer below, adding the insecure mirror to my settings.xml.Sublease
Dan675, Works like a charm!Soldiery
Where to add those proprieties?Amadeo
Please note that maven.wagon.http.ssl.ignore.validity.dates=true only works once you set maven.wagon.http.ssl.insecure=true as well.Revers
-Dmaven.wagon.http.ssl.insecure=true worked for me, running from behind a client proxy that intercepts on SSL.Gonsalve
I get an error as if I'm using a bad syntax: mvn install -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true -Dmaven.wagon.http.ssl.ignore.validity.dates=true -DskipTests --batch-mode --no-transfer-progress ==> [ERROR] Unknown lifecycle phase ".wagon.http.ssl.insecure=true". You must specify a valid lifecycle phase or a goal in the format <plugin-prefix>:<goal> or <plugin-group-id>:<plugin-artifact-id>[:<plugin-version>]:<goal>. Available lifecycle phases are: validate, initialize, generate-sources, process-sources, generate-resources, .... -> [Help 1]Gammadion
If you're on Maven 3.9.0, you also need to add this: -Dmaven.resolver.transport=wagonUrease
i was missing the 'transport' port. you saved my day..Rhizopod
Iam using this command mvn clean install Dmaven.resolver.transport=wagon Dmaven.resolver.transport=wagon -Dmaven.wagon.http.ssl.allowall=true -Dmaven.wagon.http.ssl.ignore.validity.dates=true Maven version is 3.9.4 and JDK 17. but still the same issue is comingCavafy
C
50

An alternative that worked for me is to tell Maven to use http: instead of https: when using Maven Central by adding the following to settings.xml:

<settings>
   .
   .
   .
  <mirrors>
    <mirror>
        <id>central-no-ssl</id>
        <name>Central without ssl</name>
        <url>http://repo.maven.apache.org/maven2</url>
        <mirrorOf>central</mirrorOf>
    </mirror>
  </mirrors>
   .
   .
   .
</settings>

Your mileage may vary of course.

Ced answered 10/10, 2017 at 11:27 Comment(5)
Thanks, that worked! And please a note to revert once SSL works because this could lead to users adding non-standard repositories which could host who knows whatSunstone
This doesn't work since Jan 2020 because Maven repo disabled http connectionKeown
Will get this error since Jan 2020: ReasonPhrase:HTTPS Required" , because Maven repo disabled Http connectionKeown
This worked for me. However, I had to add https instead in the URL. Not sure why.Except
This won't work because unsecured http connections are 501 blocked as of Jan 2020. It impacts a few more places than just Central. JCenter, Spring, and Gradle repos are https required too. Read more: Jan 2020, alphabot.com/security/blog/2020/java/…Verleneverlie
S
48

Create a folder ${USER_HOME}/.mvn and put a file called maven.config in it.

The content should be:

-Dmaven.wagon.http.ssl.insecure=true
-Dmaven.wagon.http.ssl.allowall=true
-Dmaven.wagon.http.ssl.ignore.validity.dates=true

Hope this helps.

Solemnity answered 5/2, 2018 at 11:46 Comment(4)
I succeed on directly using those parameters on the command line, but still failed when adding them into the fileKeown
This should actually be configured on project level. maven.apache.org/configure.html#mvn-folderPooley
worked like a charm. I was able to do it under console but not within the IDEJude
I made it work on my IntelliJ IDE by adding them here: Settings > Build, Execution, Deployment > Build Tools > Maven > Importing > VM optionsButlery
M
5

Refer to https://maven.apache.org/resolver/configuration.html, just set aether.connector.https.securityMode=insecure. It works for me with Maven 3.9.4.

Morganmorgana answered 14/8, 2023 at 12:57 Comment(1)
Another useful link since Maven 3.9 : maven.apache.org/guides/mini/guide-resolver-transport.htmlMedication
O
3

If for any reason maven.config should not work:

Try set the content as a environment variable.

Example:

MAVEN_OPTS="-Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true Dmaven.wagon.http.ssl.ignore.validity.dates=true -Dhttps.protocols=TLSv1.2"

After setting the environment variable, you can simply run your mvn command.

For a short test you can set the environment variable for a session

Powershell:

$env:MAVEN_OPTS="-Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true -Dmaven.wagon.http.ssl.ignore.validity.dates=true -Dhttps.protocols=TLSv1.2"

Bash:

export MAVEN_OPTS="-Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true -Dmaven.wagon.http.ssl.ignore.validity.dates=true -Dhttps.protocols=TLSv1.2"

CMD:

set MAVEN_OPTS="-Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true -Dmaven.wagon.http.ssl.ignore.validity.dates=true -Dhttps.protocols=TLSv1.2"
Ochlophobia answered 17/4, 2023 at 8:47 Comment(0)
J
1

I found that the latest jdk16 will fail SSL certificates so I have to use the -Dmaven.wagon.http.ssl.ignore.validity.dates=true to work around; switching to jdk11(LTS) then all problems are gone.

Also jdk1.8 was tested too, which also worked without any parameters; but jdk1.8 is in in no-update mode, better move on to the LTS jdk versions, but not the latest jdk16.

Jerad answered 7/7, 2021 at 16:28 Comment(0)
U
1

If you want to put all the same maven.wagon.http.ssl. settings into ~/.m2/settings.xml instead of ~/.mavenrc, this is what you need to put in the file:

<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">
  <profiles>
    <profile>
      <id>definedInM2SettingsXML</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <properties>
        <maven.wagon.http.ssl.insecure>true</maven.wagon.http.ssl.insecure>
        <maven.wagon.http.ssl.allowall>true</maven.wagon.http.ssl.allowall>
        <maven.wagon.http.ssl.ignore.validity.dates>true</maven.wagon.http.ssl.ignore.validity.dates>
      </properties>
    </profile>
  </profiles>
</settings>
Urease answered 28/7, 2021 at 18:7 Comment(1)
Apparently, Maven only interprets system properties set in command line or in the MAVEN_ARGS variable. All properties set in settings.xml are available only in Maven running context, to be used in pom.xml file and so. It seems it is too late to configure that kind of Maven behavior in settings.xml. Btw, putting them in settings.xml didn't work for me, I had to rely on MAVEN_ARGS to clean up our command lines.Larynx
C
0

You can also configure m2e to use HTTP instead of HTTPS

force-m2e-to-use-http-instead-of-https

China answered 19/9, 2017 at 16:32 Comment(0)
N
-1

-Dmaven.wagon.http.ssl.insecure=true - enable use of relaxed SSL check for user generated certificates.

Ninefold answered 29/12, 2023 at 13:54 Comment(1)
This Answer is not different from the existing Answer(s).Coriander

© 2022 - 2024 — McMap. All rights reserved.