Using self-signed certificates to protect an Archiva repository
I have deployed a Maven repository using Archiva and protect it using user name and password authentication. I don’t really have much intellectual property worth protecting (yet!) but I decided that I really should be protecting the transport layer using SSL anyway. Being cheap I also decided to use a self signed certificate so I was going to have problems.
I did a Google and got the following hit:
It looked like a winner but after a few hours of banging my head against the keyboard I had to give up. I then resorted to posting a question on Stack Overflow thinking it might be because I was using a wild-card certificate. But I didn’t get anything useful for my effort.
Meanwhile back in the world of work I was having a problem using the Apache Maven Repository and stumbled onto this posting on a similar issue.
So downloading the CA certificate (cacert.pem) I used to sign my server certificate and importing it into the %JAVA_HOME%\jre\lib\security\jssecacerts keystore with the following command did the trick for me:
keytool -keystore %JAVA_HOME%\jre\lib\security\jssecacerts -import -file cacert.pem
Tagged as archiva, java, keytool, maven, maven 2, ssl + Categorized as Release Engineering, Tools