If you are a Java developer working with Maven or MuleSoft, you have likely encountered the dreaded "build failure" screen. It often hits when you least expect it—usually when you are trying to download a dependency or plugin.
Specifically, you might see a long, intimidating error message about a plugin dependency that could not be resolved. It usually looks something like this:
[ERROR] Plugin com.mulesoft.munit.tools:munit-maven-plugin:2.2.4 or one of its dependencies could not be resolved... sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
If that looks familiar, don’t worry. It looks complex, but the root cause is simple, and the fix is straightforward.
The Reason: Who is Blocking the Connection?
The culprit here is usually your system firewall or the Java environment's security settings. To understand this, let's use a "friend-to-friend" analogy.
Think of your Java environment as a exclusive club with a strict bouncer. When your application tries to download files from an external website (like https://repository.mulesoft.org/releases/), the bouncer checks the external site's "ID card" (its SSL Certificate).
If that certificate isn't in your Java environment's "Approved List" (the cacerts file), the bouncer denies entry. It assumes the connection is unsafe, triggering the PKIX path building failed error.
To fix this, we simply need to vouch for the external site by manually adding its certificate to our trusted list.
The Solution: Download and Install
We are going to perform two main tasks:
- Download the certificate from the website.
- Install the certificate into your local Java setup.
Phase 1: Get the Certificate
Follow these steps to grab the "ID card" from the website:
- Copy the URL from your error message. In this specific case, it is:
https://repository.mulesoft.org/releases/ - Paste it into your web browser and hit Enter.
- Look for the Lock Icon to the left of the URL in the address bar. Click it.
- In the menu that appears, select Certificate (or "Connection is secure" > "Certificate").
- A window will pop up. Click on the Details tab.
- Click the Copy to File... button.
- This launches the Certificate Export Wizard. Click Next.
- Select the format (usually the default DER encoded binary X.509 is fine) and click Next.
- Save the file to a location you can easily access (e.g., your Downloads folder) and give it a name like
repository.mulesoft.org.cer. - Click Finish. You should see a message saying the export was successful.
Phase 2: Install the Certificate via Command Line
Now that we have the file, we need to tell Java to trust it. We will use the keytool command.
Important: You must run your Command Prompt as an Administrator.
The generic syntax for the command is:
keytool -importcert -trustcacerts -alias <alias_name> -file <path_to_saved_certificate> -keystore "<path_to_cacerts_file>" -storepass changeit
Example Configuration
Here is how the command looks using the specific paths provided in the source scenario:
- Alias:
repo - Certificate Path:
C:\Users\muletrain\Downloads\repository.mulesoft.org.cer - Java Keystore Path:
C:\Program Files\Java\jdk1.8.0_131\jre\lib\security\cacerts - Password:
changeit(This is the default Java keystore password).
The Command to Run
Paste the following into your Administrator Command Prompt:
keytool -importcert -trustcacerts -alias repo -file C:\Users\muletrain\Downloads\repository.mulesoft.org.cer -keystore "C:\Program Files\Java\jdk1.8.0_131\jre\lib\security\cacerts" -storepass changeit
Note: Ensure you update the file paths to match your specific Java version and where you saved the certificate.
Verifying the Installation
Once you hit Enter:
- The system might display the certificate details.
- It will ask:
Trust this certificate? [no]: - Type yes and hit Enter.
- You should see the confirmation message:
Certificate was added to keystore.
Conclusion
That’s it! You have successfully updated your local Java security settings. When you run your application or Maven build again, it will recognize the external system, and the PKIX path building failed error should disappear.
nicer, more informative, and easy to understand
ReplyDelete