22. September 2013

Deploy Spring application by Maven to Tomcat7 via HTTPS – PKIX problem

Simple scenario: deploy spring application to remote server which has https management interface.

Easy task. When you have properly configured project with pom.xml then you can use tomcat7 plugin for Maven.

Part of pom.xml

<plugin>
 <groupId>org.apache.tomcat.maven</groupId>
 <artifactId>tomcat7-maven-plugin</artifactId>
 <version>2.0-SNAPSHOT</version>
 <configuration>
  <path>/test</path>
  <!-- username and password must be set in ~/.m2/settings.xml -->
  <server>mytomcat</server>
  <!-- URL where Maven can find Tomcat 7 Manager -->
  <url>https://test.sinusgear.com:443/manager/text</url>
 </configuration>
</plugin>

Just run:

mvn tomcat7:deploy

Upload fails with error message:

PKIX path building failed

Ups. Not that easy? 🙂
The problem is that Java does not trust certificate of remote server.

Here is how to fix PKIX issue in Windows.

Open url of remote server by Firefox and save certificate to file.

Run PowerShell as administrator.

Go to directory with JDK cacets and import certificate. Default password is “changeit“.

cd C:\Program Files\Java\jdk1.7.0_40\jre\lib\security
keytool -import -alias test.sinusgear.com -keystore cacerts -file C:\Users\georgik\Documents\test.sinusgear.com

Done. Now you can start mvn tomcat7:deploy again.