Installing Eclipse Plug-ins from an Update Site with a self-signed certificate
If you try and connect to a p2 repository on a server with a self-signed cert, you will more than likely hit the following error.
Looking closely at the log, and you will see:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:150)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:575)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at org.eclipse.ecf.provider.filetransfer.httpclient4.HttpClientFileSystemBrowser.runRequest(HttpClientFileSystemBrowser.java:263)
at org.eclipse.ecf.provider.filetransfer.browse.AbstractFileSystemBrowser$DirectoryJob.run(AbstractFileSystemBrowser.java:69)
at org.eclipse.core.internal.jobs.Worker.run(Worker:53)
Because this certificate was not issued by a ‘trusted’ source, and thus cannot be verified for authenticity, the transport layer rejects it.
Solution:
While Eclipse and p2 doesn’t offer any nice support out-of-the-box, you can easily get around this problem by installing the root certificate (or the certificate itself) into a truststore on your machine, and then use that truststore when starting Eclipse.
To install a certificate into a custom trust store, simply:
keytool -import -file D:\Goagent\local\CA.crt -storepass changeit -keystore D:\Java\jre\lib\security\cacerts -alias goagent
keytool -list -storepass changeit -keystore D:\Java\jre\lib\security\cacerts
Now, when you start Eclipse, add the following arguments to your eclipse.ini file.
-vm
D:/Java/bin/javaw.exe
-startup
plugins/org.eclipse.equinox.launcher_1.3.0.v20120522-1813.jar
--launcher.library
plugins/org.eclipse.equinox.launcher.win32.win32.x86_1.1.200.v20120522-1813
-showsplash
org.eclipse.platform
--launcher.defaultAction
openFile
-vmargs
-Xms512m
-Xmx512m
-XX:PermSize=256m
-XX:MaxPermSize=256m
-Dsun.lang.ClassLoader.allowArraySyntax=true -Djavax.net.ssl.trustStore=D:\Java\jre\lib\security\cacerts
-Djavax.net.ssl.trustStorePassword=changeit
When you connect to the update site (p2 repository), the transport layer will be able to validate the self-signed certificate. If the site requires authentication you will even be prompted for a username / password:
最新文章
- python基础之dict、set及字符
- OpenCV学习笔记(一)——OpenCV安装
- SQL Server Data Tools – Business Intelligence for Visual Studio 2012安装时提示“The CPU architecture....”的解决方法
- Exploring Ionic Lists
- 2014.7.12 敏捷个人奥森健步走&;敏友分享会.活动报道
- LightOJ1382 The Queue(树形DP)
- software glue Middleware
- lightOJ 1172 Krypton Number System(矩阵+DP)
- tcp/ip体系-转载
- 关于ECharts Java类库的一个jquery插件
- Integer Inquiry(大数相加)
- 【01-14】hibernate时间生成
- MyBatis源码解读(1)——SqlSessionFactory
- LNMP下FTP服务器的安装和使用(Pureftpd和Proftpd)
- (转)通过maven,给没有pom文件的jar包生成pom文件,maven项目引入本地jar包
- 让Apache和Nginx支持php-fpm模块
- android -------- 打开本地浏览器或指定浏览器加载,打电话,打开第三方app
- angular 常用插件集合
- hdu 3085
- 12-5 张雨RTCM3数据解码解不出的原因
热门文章
- mysqldump恢复指定表
- iOS UI-应用管理(使用Cell模板)
- bzoj1075
- JSP session过期时间(小记)
- OPENCV Linux安装
- 64位的ubuntu14.04 LTS安装 Linux交叉编译工具链及32位“ia32-libs”依赖库
- ZetCode PyQt4 tutorial work with menus, toolbars, a statusbar, and a main application window
- flask第二十二篇——模板【4】过滤器
- python中django框架的csrf验证
- mysql学习--基本使用