Gradle throws: "unable to find valid certification path to requested target"

[hennlo]

When starting PolyphenyDB and Gradle tries to download the current UI Snapshot from repository : https://dbis-nexus.dmi.unibas.ch/repository/maven2/org/polypheny/polypheny-ui/1.0-SNAPSHOT/maven-metadata.xml

When doing task :webui:unzipUiFiles the build fails with the following error:

A problem occurred evaluating project ':webui'.
> Could not resolve all files for configuration ':webui:uiFiles'.
   > Could not resolve org.polypheny:polypheny-ui:1.0-SNAPSHOT.
     Required by:
         project :webui
      > Could not resolve org.polypheny:polypheny-ui:1.0-SNAPSHOT.
         > Unable to load Maven meta-data from https://dbis-nexus.dmi.unibas.ch/repository/maven2/org/polypheny/polypheny-ui/1.0-SNAPSHOT/maven-metadata.xml.
            > Could not HEAD 'https://dbis-nexus.dmi.unibas.ch/repository/maven2/org/polypheny/polypheny-ui/1.0-SNAPSHOT/maven-metadata.xml'.
               > The server may not support the client's requested TLS protocol versions: (TLSv1.2, TLSv1.3). You may need to configure the client to allow other protocols to be used. See: https://docs.gradle.org/6.9/userguide/build_environment.html#gradle_system_properties
                  > PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      > Could not resolve org.polypheny:polypheny-ui:1.0-SNAPSHOT.
         > Unable to load Maven meta-data from https://repo.maven.apache.org/maven2/org/polypheny/polypheny-ui/1.0-SNAPSHOT/maven-metadata.xml.
            > Could not get resource 'https://repo.maven.apache.org/maven2/org/polypheny/polypheny-ui/1.0-SNAPSHOT/maven-metadata.xml'.
               > Could not GET 'https://repo.maven.apache.org/maven2/org/polypheny/polypheny-ui/1.0-SNAPSHOT/maven-metadata.xml'.
                  > The server may not support the client's requested TLS protocol versions: (TLSv1.2, TLSv1.3). You may need to configure the client to allow other protocols to be used. See: https://docs.gradle.org/6.9/userguide/build_environment.html#gradle_system_properties
                     > PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      > Could not resolve org.polypheny:polypheny-ui:1.0-SNAPSHOT.
         > Unable to load Maven meta-data from https://repo.maven.apache.org/maven2/org/polypheny/polypheny-ui/1.0-SNAPSHOT/maven-metadata.xml.
            > Could not get resource 'https://repo.maven.apache.org/maven2/org/polypheny/polypheny-ui/1.0-SNAPSHOT/maven-metadata.xml'.
               > Could not GET 'https://repo.maven.apache.org/maven2/org/polypheny/polypheny-ui/1.0-SNAPSHOT/maven-metadata.xml'.
                  > The server may not support the client's requested TLS protocol versions: (TLSv1.2, TLSv1.3). You may need to configure the client to allow other protocols to be used. See: https://docs.gradle.org/6.9/userguide/build_environment.html#gradle_system_properties
                     > PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

How can this be resolved?

[hennlo]

Permanent Fix

Although this seems to be an error related to the used version of TLS it has two different causes:

1. It is most likely that you sit behind a company proxy which is intercepting your calls, which is considered a man in the middle attack and is therefore aborted.

2. Your JDKs specific keystore is empty
   This can happen if you switched to a new JDK version, or the old one was corrupted.

Solution

The solution to resolve this is still the same for both root causes.
You need to update the keystore of your IDE to trust all necessary certificates for that call.

Procedure

1. Navigate to any website and extract the all certificates in the chain starting with the topmost certificate of the chain.

   • For Windows: do this via the browser.
     (For Chrome: Hit the lock icon next to the URL -> Click on certificate -> Certification Path -> View topmost certificate
     -> Export it in .cer format to a desired location)
   • For Linux or Mac:
     Open a terminal and execute the following (This requires the library net-utils):

     echo -n | openssl s_client -connect google.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/your_custom_certificate.cer

2. In a terminal, navigate to your IDE installation directory and locate the security folder.
   (For IntelliJ this is usually under JetBrains/IntelliJ/jbr/lib/security)

3. Now identify which JDK is used for your project.
   Again for IntelliJ you can simply do this by opening the Project Structure and under Project Settings/Project find the selected Project SDK.
   

4. Now identify the installation directory for your JDK version:
   Navigate to: Project Structure ->Platform Setting/SDKs/Your version/JDK homepath
   This leaves you with a platform_specific_jdk_location.

5. Inside your terminal now import the certificate to your cacerts store:

   • For Windows:

platform_specific_jdk_location\bin\keytool.exe -keystore platform_specific_jdk_location\lib\security\cacerts -importcert -alias your_custom_certificate -file your_custom_certificate.cer

• For Linux or Mac:

platform_specific_jdk_location/bin/keytool -keystore platform_specific_jdk_location/lib/security/cacerts -importcert -alias your_custom_certificate -file /tmp/your_custom_certificate.cer

Of course replace platform_specific_jdk_location with the correct location that you have identified in step 4.

6. Use the default password of "changeit" (Without quotes, obviously.)
7. When prompted to trust the certificate type "yes" (Without quotes...). Hit enter.
8. Repeat step 5-7 for all certificates in the chain that you exported in step 1
9. Restart your IDE
10. Enjoy Life ! :)