Nexus Repo Mgr OSS version 2.14.9-01 doesn't work on VPN using proxy


#1

I have an issue where Nexus OSS cannot connect to repositories such as Maven Central and all others if I am over my Companies VPN. If I am not over VPN nexus can find and download artifacts. If over the VPN nexus cannot locate repositories. Any Ideas or suggestions, … thank you!

  1. company uses a proxy script, I tried using the proxy script but I don’t think nexus supports this. it did not work.
    java.net.UnknownHostException: myapps.setpac.ge.com/pac.pac
    org.sonatype.nexus.proxy.RemoteStorageException: Transport error while executing GET method [repositoryId=“central”, requestPath="/.index/nexus-maven-repository-index.properties", remoteUrl=“https://repo1.maven.org/maven2/.index/nexus-maven-repository-index.properties”]

  2. I remove the co. proxy script reference and go directly to the corp proxy server, but then I get a PKIX error.,
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

is there something I’m missing? what am I doing wrong? What did I miss?

thank you


#2

I notice that there are some plugins missing.


#3

For problem #2 have you tried trusting the certificate of the remote in the repository configuration?

https://help.sonatype.com/display/NXRM3/Configuring+SSL#ConfiguringSSL-OutboundSSL-TrustingSSLCertificatesofRemoteRepositories


#4

thanks rseddon I’ll give this a try.


#5

For the plugins showing as missing see here: https://issues.sonatype.org/browse/NEXUS-10981


#6

rseddon,

hey, I don’t have the administrative repository sub menu as described in the doc link. maybe this is my overall problem. Why wouldn’t I have this.
" The administration user interface for repositories and repository groups is available via the Repositories item in the Repository sub menu of the Administration menu."

image


#7

I missed the fact you were running Nexus Repo 2.x in my original reply. See here:


#8

Rseddon,
thanks so much for helping me. Rseddon, It looks like there is something missing with my Nexus Repo OSS 2.x . the suggested instructions give a SSL tab on the repository. hmmmm, I don’t have such a tab. what did I do wrong? did I miss something during installation ??


#9

Rseddon,
I just tried to create another proxy repo to see if the SSL or Truststore option is there and it is not an option when setting up a proxy repo?


#10

The SSL tab only shows up if the URL of the proxy uses https. What is the URL set to in the central proxy?


#11

thanks Rseddon,

https://repo1.maven.org/maven2/

Maven Central - there is no SSL tab


#12

Sorry, I’d forgotten that in Nexus 2.x the SSL UI is a pro only feature, and requires a license. In Nexus 3.x the SSL feature is in both OSS and pro.

You’ll need to use this technique to import the certificate into the truststore of the java running Nexus:


#13

Rseddon

it sounds like it is a licensed feature in 2.x but it comes out of box in 3.x - is this correct? if I upgraded to 3.x OSS would I need a license?


#14

Yes, that’s right, if you upgrade to Nexus Repo 3 you don’t need a license for the SSL feature.


#15

very Kewl. thanks so much Rseddon!!!

hey, just so you know. I performed the import of the proxy cert/ssl and it appears to work :slight_smile:

this did the trick!!! thanks!

I will upgrade soon, but the proxy cert import worked.