If you try and connect to a p2 repository on a server with a self-signed cert, you will more than likely hit the following error.
Looking closely at the log, and you will see:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148) at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:150) at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:575) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754) at org.eclipse.ecf.provider.filetransfer.httpclient4.HttpClientFileSystemBrowser.runRequest(HttpClientFileSystemBrowser.java:263) at org.eclipse.ecf.provider.filetransfer.browse.AbstractFileSystemBrowser$DirectoryJob.run(AbstractFileSystemBrowser.java:69) at org.eclipse.core.internal.jobs.Worker.run(Worker:53)
Because this certificate was not issued by a ‘trusted’ source, and thus cannot be verified for authenticity, the transport layer rejects it.
Solution:
While Eclipse and p2 doesn’t offer any nice support out-of-the-box, you can easily get around this problem by installing the root certificate (or the certificate itself) into a truststore on your machine, and then use that truststore when starting Eclipse.
To install a certificate into a custom trust store, simply:
keytool -import -file D:\Goagent\local\CA.crt -storepass changeit -keystore D:\Java\jre\lib\security\cacerts -alias goagent
keytool -list -storepass changeit -keystore D:\Java\jre\lib\security\cacerts
Now, when you start Eclipse, add the following arguments to your eclipse.ini file.
-vm D:/Java/bin/javaw.exe -startup plugins/org.eclipse.equinox.launcher_1.3.0.v20120522-1813.jar --launcher.library plugins/org.eclipse.equinox.launcher.win32.win32.x86_1.1.200.v20120522-1813 -showsplash org.eclipse.platform --launcher.defaultAction openFile -vmargs -Xms512m -Xmx512m -XX:PermSize=256m -XX:MaxPermSize=256m -Dsun.lang.ClassLoader.allowArraySyntax=true -Djavax.net.ssl.trustStore=D:\Java\jre\lib\security\cacerts -Djavax.net.ssl.trustStorePassword=changeit
When you connect to the update site (p2 repository), the transport layer will be able to validate the self-signed certificate. If the site requires authentication you will even be prompted for a username / password: