Remote https repository with TLS client certificate loaded in Nexus JVM keystore not trusted


#1

Hi,

I have a problem accessing an https remote repository that requires a client certificate. I’m using version OSS 3.15.2-01. The SSL server certificate is added to our Nexus trust store. The client certificate is on our Nexus machine and is added via -D parameters (-Djavax.net.ssl.keyStore, -Djavax.net.ssl.keyStoreType, -Djavax.net.ssl.keyStorePassword).

I found the following exception in the log: java.io.IOException: Received fatal alert: handshake_failure.

With SSL debugging enabled I found the following problem:
2019-05-29 12:32:32,096+0000 INFO [qtp1794954214-340] admin sun.security.ssl.HandshakeMessage - *** ServerHelloDone
2019-05-29 12:32:32,097+0000 INFO [qtp1794954214-340] admin sun.security.ssl.ClientHandshaker - Warning: no suitable certificate found - continuing without client authentication
2019-05-29 12:32:32,097+0000 INFO [qtp1794954214-340] admin sun.security.ssl.HandshakeMessage - *** Certificate chain
2019-05-29 12:32:32,097+0000 INFO [qtp1794954214-340] admin sun.security.ssl.HandshakeMessage - <.Empty>
2019-05-29 12:32:32,098+0000 INFO [qtp1794954214-340] admin sun.security.ssl.HandshakeMessage - ***

It seems Nexus doesn’t find the client certificate. Any ideas how to solve the problem?

It seems it’s the same problem as in NEXUS-12488.