Sonatype的的Nexus上传失败,证书nexus.xyz.corp不匹配证书主题的通用名称:wiki.xyz.corp
问题描述:
我在尝试使用摇篮文件上传到的Nexus如果出现以下错误:Sonatype的的Nexus上传失败,证书nexus.xyz.corp不匹配证书主题的通用名称:wiki.xyz.corp
证书不匹配证书主题的通用名称:wiki.xyz.corp
详情:
C:\data\Workspaces\httpstest>gradlew uploadArchives
:compileJava UP-TO-DATE
:processResources UP-TO-DATE
:classes UP-TO-DATE
:jar SKIPPED
:uploadArchives
Could not transfer artifact com.xyz:httpstest:jar:1.0.0 from/to remo
te (https://nexus.xyz.corp/nexus/content/repositories/1st-rel/): Cer
tificate for <nexus.xyz.corp> doesn't match common name of the certi
ficate subject: wiki.xyz.corp
Could not transfer artifact com.xyz:httpstest:pom:1.0.0 from/to remo
te (https://nexus.xyz.corp/nexus/content/repositories/1st-rel/): Cer
tificate for <nexus.xyz.corp> doesn't match common name of the certi
ficate subject: wiki.xyz.corp
:uploadArchives FAILED
FAILURE: Build failed with an exception.
* What went wrong:
Execution failed for task ':uploadArchives'.
> Could not publish configuration 'archives'
> Failed to deploy artifacts: Could not transfer artifact com.xyz
:httpstest:jar:1.0.0 from/to remote (https://nexus.xyz.corp/nexus/co
ntent/repositories/1st-rel/): Certificate for <nexus.xyz.corp> doesn
't match common name of the certificate subject: wiki.xyz.corp
* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug
option to get more log output.
BUILD FAILED
Total time: 5.511 secs
通过HTTPS下载工作正常,但上传无法解决。 nexus.xyz.corp的证书具有正确的通用名称,而NOT错误消息暗示的不是wiki.xyz.corp。 但是,wiki.xyz.corp是在同一台服务器上运行的不同站点。
这里有什么问题?
答
当使用SNI共享不同的域(wiki.xyz.corp和nexus.xyz.corp)时,会发生这种情况。它至少在版本Gradle 2.5 - Gradle 2.13中出现。原因是Gradle在不支持SNI的版本中使用Maven Wagon Library。在这种情况下,Web服务器将返回一个默认证书。看来,wiki.xyz.corp被定义为默认证书。
这在Gradle Discussion和Gradle Issues中讨论。
可能的解决方法:
- 定义nexus.xyz.corp为默认证书,但在另一个网站上
- 替换Maven的旅行车与Maven发布的问题提防,但是这是目前处于测试阶段。见Maven Publish.
- 尝试配置您的系统没有SNI
- 开始摇篮的方式,主机检查是禁用的(这是一个安全漏洞!):
gradlew -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true uploadArchives