Sonatype Nexus 上传失败,nexus.xyz.corp 的证书与证书主题的通用名称不匹配:wiki.xyz.corp
Sonatype Nexus upload fails with Certificate for nexus.xyz.corp doesn't match common name of the certificate subject: wiki.xyz.corp
尝试使用 Gradle 将文件上传到 Nexus 时出现以下错误:
证书与证书主题的通用名称不匹配:wiki.xyz.corp
详情:
C:\data\Workspaces\httpstest>gradlew uploadArchives
:compileJava UP-TO-DATE
:processResources UP-TO-DATE
:classes UP-TO-DATE
:jar SKIPPED
:uploadArchives
Could not transfer artifact com.xyz:httpstest:jar:1.0.0 from/to remo
te (https://nexus.xyz.corp/nexus/content/repositories/1st-rel/): Cer
tificate for <nexus.xyz.corp> doesn't match common name of the certi
ficate subject: wiki.xyz.corp
Could not transfer artifact com.xyz:httpstest:pom:1.0.0 from/to remo
te (https://nexus.xyz.corp/nexus/content/repositories/1st-rel/): Cer
tificate for <nexus.xyz.corp> doesn't match common name of the certi
ficate subject: wiki.xyz.corp
:uploadArchives FAILED
FAILURE: Build failed with an exception.
* What went wrong:
Execution failed for task ':uploadArchives'.
> Could not publish configuration 'archives'
> Failed to deploy artifacts: Could not transfer artifact com.xyz
:httpstest:jar:1.0.0 from/to remote (https://nexus.xyz.corp/nexus/co
ntent/repositories/1st-rel/): Certificate for <nexus.xyz.corp> doesn
't match common name of the certificate subject: wiki.xyz.corp
* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug
option to get more log output.
BUILD FAILED
Total time: 5.511 secs
通过 HTTPS 下载可以正常工作,但上传不行。
nexus.xyz.corp 的证书具有正确的公用名,而不是错误消息暗示的 wiki.xyz.corp。
但是,wiki.xyz.corp 是同一服务器上的不同站点 运行。
这里有什么问题?
当使用 SNI 共享不同的域(wiki.xyz.corp 和 nexus.xyz.corp)时会发生这种情况。
它至少出现在 Gradle 2.5 - Gradle 2.13 版本中。原因是Gradle在不支持SNI的版本中使用了Maven Wagon Library。在这种情况下,网络服务器 returns 默认证书。似乎 wiki.xyz.corp 被定义为默认证书。
这在 Gradle Discussion and Gradle Issues 中讨论。
可能的解决方法:
- 将 nexus.xyz.corp 定义为默认证书,但要注意其他站点上的问题
- 用 Maven Publish 替换 Maven Wagon,但目前处于测试阶段。参见 Maven Publish.
- 尝试在没有 SNI 的情况下配置您的系统
- 以禁用主机检查的方式启动Gradle(这是一个安全漏洞!):
gradlew -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true uploadArchives
尝试使用 Gradle 将文件上传到 Nexus 时出现以下错误:
证书与证书主题的通用名称不匹配:wiki.xyz.corp
详情:
C:\data\Workspaces\httpstest>gradlew uploadArchives
:compileJava UP-TO-DATE
:processResources UP-TO-DATE
:classes UP-TO-DATE
:jar SKIPPED
:uploadArchives
Could not transfer artifact com.xyz:httpstest:jar:1.0.0 from/to remo
te (https://nexus.xyz.corp/nexus/content/repositories/1st-rel/): Cer
tificate for <nexus.xyz.corp> doesn't match common name of the certi
ficate subject: wiki.xyz.corp
Could not transfer artifact com.xyz:httpstest:pom:1.0.0 from/to remo
te (https://nexus.xyz.corp/nexus/content/repositories/1st-rel/): Cer
tificate for <nexus.xyz.corp> doesn't match common name of the certi
ficate subject: wiki.xyz.corp
:uploadArchives FAILED
FAILURE: Build failed with an exception.
* What went wrong:
Execution failed for task ':uploadArchives'.
> Could not publish configuration 'archives'
> Failed to deploy artifacts: Could not transfer artifact com.xyz
:httpstest:jar:1.0.0 from/to remote (https://nexus.xyz.corp/nexus/co
ntent/repositories/1st-rel/): Certificate for <nexus.xyz.corp> doesn
't match common name of the certificate subject: wiki.xyz.corp
* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug
option to get more log output.
BUILD FAILED
Total time: 5.511 secs
通过 HTTPS 下载可以正常工作,但上传不行。 nexus.xyz.corp 的证书具有正确的公用名,而不是错误消息暗示的 wiki.xyz.corp。 但是,wiki.xyz.corp 是同一服务器上的不同站点 运行。
这里有什么问题?
当使用 SNI 共享不同的域(wiki.xyz.corp 和 nexus.xyz.corp)时会发生这种情况。 它至少出现在 Gradle 2.5 - Gradle 2.13 版本中。原因是Gradle在不支持SNI的版本中使用了Maven Wagon Library。在这种情况下,网络服务器 returns 默认证书。似乎 wiki.xyz.corp 被定义为默认证书。
这在 Gradle Discussion and Gradle Issues 中讨论。
可能的解决方法:
- 将 nexus.xyz.corp 定义为默认证书,但要注意其他站点上的问题
- 用 Maven Publish 替换 Maven Wagon,但目前处于测试阶段。参见 Maven Publish.
- 尝试在没有 SNI 的情况下配置您的系统
- 以禁用主机检查的方式启动Gradle(这是一个安全漏洞!):
gradlew -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true uploadArchives