  1. Dev - Nexus Repo
  2. NEXUS-12488

remote https repository with TLS client certificate loaded in NXRM JVM keystore not trusted

    Details

    • Story Points:
      3
    • Notability:
      2

      Description

      When a remote repository requires SSL client certificate authentication, Nexus 3 (3.2.0-01) does not match the client certificate present in the keyStore. With SSL debugging enabled, it logs:
      2017-03-01 16:38:02,934+0100 INFO [qtp1053574947-168] adm_lop sun.security.ssl.ClientHandshaker - Warning: no suitable certificate found - continuing without client authentication
      As a result, we can't see the client certificate being sent to the remote repository in a tcpdump.
      In the end Nexus throws an exception:
      java.io.IOException: Received fatal alert: handshake_failure

      The keyStore and trustStores are the same as in the previous old version 2 (nexus-2.14.2-01), where it was working well. A test with SSLPoke with the same setting and stores works fine. I attached log files for the working SSLPoke and the non-working Nexus.

              People

              Assignee:
              mbucher Michael Bucher
              Reporter:
              EkewakaKeahi Ekewaka Keahi
              Last Updated By:
              Wes Wannemacher Wes Wannemacher
              Team:
              NXRM - Operations/Groot
              Votes:
              2
              Watchers:
              16
