Accessing Git and Nexus with custom SSL certificates

Again and again I work for companies that have self-crafted certificates. In 2020 there is no excuse not to use a valid certificate. Let's Encrypt now offers free certificates: https://certbot.eff.org/

Here are some ways to fix this for Git, Nexus, Maven and Java.

Git

Bad solution

The bad solution is to skip SSL certificate checks altogether (from a security standpoint this is very bad):

git config --global http.sslVerify false

Best option

The best option is to add the self-signed certificate to your certificate store. To do so, obtain the server certificate chain using Chrome or Firefox.

  1. Navigate to the server address. Click on the padlock icon and view the certificates. Export the whole certificate chain as base64-encoded (PEM) files.
  2. Add the certificates to the trust chain in your Git trust config file. In Git Bash on the machine running the job, run the following:

git config --list

Find the http.sslcainfo setting; it shows where the certificate trust file is located.

  3. Copy all the certificates into the trust chain file, including the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines. Make sure you add the root certificate chain to the certificates file.
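Steps 2 and 3 can be scripted so that truncated exports and duplicate entries are caught before the trust file is changed. The following is an added example, not part of the original post; the function names and the PEM file names in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: merge exported PEM certificates into the CA bundle Git trusts.

# pem_bodies FILE: print one line per complete certificate in FILE, i.e. its
# base64 body with line breaks and Windows carriage returns removed.
pem_bodies() {
    tr -d '\r' < "$1" | awk '
        /^-----BEGIN CERTIFICATE-----$/ { body = ""; inside = 1; next }
        /^-----END CERTIFICATE-----$/   { if (inside) print body; inside = 0; next }
        inside { body = body $0 }'
}

# append_chain BUNDLE CERT...: append every certificate not already present in
# BUNDLE, keeping a .bak copy of the file as it was before this run.
# Prints the number of certificates appended.
append_chain() {
    ac_bundle=$1; ac_added=0; shift
    [ -w "$ac_bundle" ] || { echo "cannot write $ac_bundle" >&2; return 1; }
    cp -p "$ac_bundle" "$ac_bundle.bak" || return 1
    for ac_cert in "$@"; do
        # A truncated or non-PEM export yields no complete BEGIN/END pair.
        [ -n "$(pem_bodies "$ac_cert")" ] ||
            { echo "$ac_cert: no complete PEM certificate" >&2; return 1; }
        while IFS= read -r ac_body; do
            # Skip certificates the bundle already contains (exact body match).
            if pem_bodies "$ac_bundle" | grep -Fxq -e "$ac_body"; then continue; fi
            {
                printf '\n%s\n' '-----BEGIN CERTIFICATE-----'
                printf '%s\n' "$ac_body" | fold -w 64
                printf '%s\n' '-----END CERTIFICATE-----'
            } >> "$ac_bundle"
            ac_added=$((ac_added + 1))
        done <<EOF
$(pem_bodies "$ac_cert")
EOF
    done
    echo "$ac_added"
}

# Usage in Git Bash (file names are placeholders for your exported chain):
#   bundle=$(git config --get http.sslCAInfo)
#   append_chain "$bundle" root.pem intermediate.pem server.pem
```

The script only checks PEM framing and exact duplicates; it does not parse the certificates, so confirm the exported chain in the browser before trusting it.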

Nexus

Bad option

You can also tell Apache Maven to accept the certificate even though it isn't signed. Invoke Maven with the following in MAVEN_OPTS:

-Dmaven.wagon.http.ssl.insecure=true

If the host name configured in the certificate doesn't match the host name Nexus is running on, you may also need to add the following to MAVEN_OPTS:

-Dmaven.wagon.http.ssl.allowall=true

Best option

Install a real certificate in Nexus, or import the faulty certificate into your JDK cacerts truststore by running:

${JAVA_HOME}/bin/keytool -importcert -file waltercedric.pem -alias www.waltercedric.com  -storepass changeit -keystore ${JAVA_HOME}/jre/lib/security/cacerts

About The Author

I worked with various insurance companies across Switzerland on online applications handling billion premium volumes. I love to continuously spark my creativity in many different and challenging open-source projects fueled by my great passion for innovation and blockchain technology. In my technical role as a senior software engineer and Blockchain consultant, I help to define and implement innovative solutions in the scope of both blockchain and traditional products, solutions, and services. I can support the full spectrum of software development activities, starting from analyzing ideas and business cases and up to the production deployment of the solutions. I'm the Founder and CEO of Disruptr GmbH.