If you try and connect to a p2 repository on a server with a self-signed cert, you will more than likely hit the following error.

Looking closely at the log, and you will see:

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
 at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)
 at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
 at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
 at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
 at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:150)
 at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
 at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:575)
 at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
 at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
 at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
 at org.eclipse.ecf.provider.filetransfer.httpclient4.HttpClientFileSystemBrowser.runRequest(HttpClientFileSystemBrowser.java:263)
 at org.eclipse.ecf.provider.filetransfer.browse.AbstractFileSystemBrowser$DirectoryJob.run(AbstractFileSystemBrowser.java:69)
 at org.eclipse.core.internal.jobs.Worker.run(Worker:53)

Because this certificate was not issued by a ‘trusted’ source, and thus cannot be verified for authenticity, the transport layer rejects it.

Solution:

While Eclipse and p2 doesn’t offer any nice support out-of-the-box, you can easily get around this problem by installing the root certificate (or the certificate itself) into a truststore on your machine, and then use that truststore when starting Eclipse.

To install a certificate into a custom trust store, simply:

keytool -import -file D:\Goagent\local\CA.crt -storepass changeit -keystore D:\Java\jre\lib\security\cacerts -alias goagent
keytool -list -storepass changeit -keystore D:\Java\jre\lib\security\cacerts

Now, when you start Eclipse, add the following arguments to your eclipse.ini file.

-vm
D:/Java/bin/javaw.exe
-startup
plugins/org.eclipse.equinox.launcher_1.3.0.v20120522-1813.jar
--launcher.library
plugins/org.eclipse.equinox.launcher.win32.win32.x86_1.1.200.v20120522-1813
-showsplash
org.eclipse.platform
--launcher.defaultAction
openFile
-vmargs
-Xms512m
-Xmx512m
-XX:PermSize=256m
-XX:MaxPermSize=256m
-Dsun.lang.ClassLoader.allowArraySyntax=true

-Djavax.net.ssl.trustStore=D:\Java\jre\lib\security\cacerts
-Djavax.net.ssl.trustStorePassword=changeit

When you connect to the update site (p2 repository), the transport layer will be able to validate the self-signed certificate. If the site requires authentication you will even be prompted for a username / password:

 

posted on 2014-01-12 13:09  七月逆流  阅读(599)  评论(0编辑  收藏  举报