Install 52°North Certificate in Java
52°North does not offer an SSL-certificate (for now) which is provided by external party trust agencies, like Thawte or Oracle (Java installations also have a keystore providing known and trusted certificates). If Maven fails complaining certificate issues, or it just cannot download 52n artifacts (which should be accessible via browser) you have two possibilities:
- Switch repository protocols from
- (recommended) follow the next steps to install the 52n certificate into your local Java keystore
Steps to install 52°North Certificate
52°North provides a root certificate which you can manually review and install locally (which tells you system that you checked it and trust us). For doing that take the following steps:
- Browse to https://52north.org/maven/
- Click in Addressbar to show the certificate info
- Download the certificate (remove
*.), or download the attached one
%JAVA_HOME%\bin is on your path and
%JAVA_HOME% is set to the path used in the command below, e.g.
- Open Command Line as Administrator
- Change dir to path where you downloaded certificate
- execute the following (default password should be 'changeit'):
keytool -import -alias 52north_ssl_yyyy-mm -file 52north.org.crt -keystore "c:\Program Files\Java\jdk1.7.0_10\jre\lib\security\cacerts"
Adapt the path to your trusted keystore if neccessary - most probably you only have to change the version number after
. If you have
set to a JDK, you can also use the shortened command
keytool -import -alias 52north_ssl_yyyy-mm -file 52north.org.crt -keystore "%JAVA_HOME%\jre\lib\security\cacerts".
Running the following command lets you check if everything worked fine:
keytool -list -keystore "c:\Program Files\Java\jdk1.7.0_10\jre\lib\security\cacerts" -alias 52north_ssl_yyyy-mm
The output should be as follows (the date is the date you imported the certificate):
52north_ssl_yyyy-mm, 08.01.2013, trustedCertEntry,
Zertifikat-Fingerprint (SHA1): 80:31:AB:2F:00:F4:DA:82:D1:09:00:BE:33:E3:E7:A3
On linux systems use
for system wide installation and
with the end of life of this certificate.
I read that people complained about getting a
java.lang.RuntimeException: Could not generate DH keypair
This may be caused due to a Java 7 issue unable to handle key which were generated with more than 1024bits .. Anyway, switching back to Java 6 did the trick for me. Alternatively, you may want to use the leight encryption implementation of BouncyCastle
(AFAIK replacing the Java encryption libs):
2013-12-18 Upadate: This issue is fixed in Java jdk1.7.0_21 (source)
: Current key size used by 52North is 4096 and not supported by JDK < 1.9.
SunCertPathBuilderException or HTTP 401
The following errors can occur if you try to publish a Maven site to the WebDAV and do not have the certificates installed.
# Transfer error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-site-plugin:2.3:deploy (default-cli) on project ...: Error uploading site: Failed to transfer file: ... Return code is: 401 -> [Help 1]
Make sure that which Java version is on your path
(this is likely be used by Maven), because this must be the one where the certificate is installed to. If you have multiple JDKs/JREs, make sure both
, Eclipse (in
Preferences > Java > Installed JREs > Standard VM
) and Maven (based on JAVA_HOME and/or Eclipse default..) use the same JRE and you installed the certificate to that JRE's keystore.
Modifications to install the enviroCar.org certifikate
- Step 1 of the above workflow: Navigate to enviroroCar.org instead.
- Step 7: Replace