Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Graal is not bundled with some certificates roots #378
After switching for testing purposes JDK from OpenJDK 8 to GraalVM RC-1 I was unable to either download certain artifacts from Sonatype nor publish my own artifacts to Sonatype Nexus via SBT. After some investigation I found out that:
To confirm that it was a JVM issue and not a SBT setup used those instructions: https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-779355358.html
With Graal I got exactly the same exception for
Issue was not immediate as most (almost all) of my dependencies I have already cached locally. Only after I wanted to fetch a new snapshot issue became visible during download, though it also appeared earlier, when I tried to publish a new artifact (I haven't immediately connected this issue to change of my JVM).
Is it a issue of GitHub OpenJDK-based version vs version available on Oracle's site? (I haven't tested that version.) I am concerned since I wanted to use GraalVM on a Docker image for CI and failing artifacts download would be a serious issue.
I use Arch Linux, and for switching JDKs I use build in
This is a known issue with OpenJDK's
The OpenJDK 8 version you are testing with probably comes from your distribution and probably use your distribution's
The bug tracking the addition of the remaining root certificates to OpenJDK is tracked as JDK-8193447.
In case someone had the same error (and maybe needed a one-liner for docker image: