Dev - Nexus Repo / NEXUS-7652

SSL certificates added using load from server option only use direct socket connection


    • Bug
    • Resolution: Fixed
    • Major
    • 2.11, 3.0.0-m3
    • 2.8, 2.10
    • SSL
    • 0.5
    • Sprint 30


      Configure Nexus to use a proxy server that can substitute its own SSL certificate for the actual remote certificate (e.g. Charles proxy). For example, configure it to SSL proxy https://nvd.nist.gov

      In Nexus, go to SSL Certificates and click Add... Load From Server...
      Enter nvd.nist.gov and click Load Certificate button.
      Nexus UI sends a request similar to:


      The Nexus certificates resource tries to make a direct socket connection to the remote instead of an https connection. This is by design.

      Now enter https://nvd.nist.gov and click Load Certificate button. Nexus still tries to make a direct socket connection.

      Notice the URL sent to the Nexus backend is still:


      It seems to be missing the 'protocolHint' parameter.


      Nexus 2.8.0 does the same thing.

      The problem this creates is that proxy servers very commonly overwrite remote certs. Without using https instead of a direct socket, it is easy to trust the wrong cert, or to be unable to trust the correct cert unless you manually get the PEM file externally and upload it.

      Expected: When http or https is specified, the internal http client with correct proxy settings should be used to get the remote cert and present that to the end user.
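
The two retrieval paths described above, as an added Python sketch that is not Nexus code: input with an http/https scheme is fetched through the configured proxy with an HTTP CONNECT tunnel, bare host input uses a direct socket, and the two results can be compared by fingerprint. All function names and the `proxy` `(host, port)` tuple are hypothetical.

```python
import hashlib
import socket
import ssl
from urllib.parse import urlsplit

def parse_target(text):
    """Return (host, port, via_http_client); a scheme selects the proxied path."""
    parts = urlsplit(text if "://" in text else "//" + text)
    via_http_client = parts.scheme.lower() in ("http", "https")
    return parts.hostname, parts.port or 443, via_http_client

def connect_request(host, port):
    """Bytes of the HTTP CONNECT request that opens a tunnel through the proxy."""
    target = f"{host}:{port}"
    return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")

def tunnel_ok(reply):
    """True if the proxy answered the CONNECT with a 2xx status line."""
    fields = reply.split(b"\r\n", 1)[0].split()
    return len(fields) >= 2 and fields[0].startswith(b"HTTP/") and fields[1][:1] == b"2"

def _leaf_der(sock, host):
    # Inspection only: validation is off so that whatever certificate is
    # presented can be shown to the operator, who decides whether to trust it.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with ctx.wrap_socket(sock, server_hostname=host) as tls:
        return tls.getpeercert(binary_form=True)

def load_certificate(text, proxy=None, timeout=10):
    """Fetch the leaf certificate (DER) on the path the input asks for."""
    host, port, via_http_client = parse_target(text)
    if not (via_http_client and proxy):
        return _leaf_der(socket.create_connection((host, port), timeout), host)
    sock = socket.create_connection(proxy, timeout)  # assumed (host, port) tuple
    sock.sendall(connect_request(host, port))
    reply = b""
    while b"\r\n\r\n" not in reply:
        chunk = sock.recv(4096)
        if not chunk:
            break
        reply += chunk
    if not tunnel_ok(reply):
        sock.close()
        raise ConnectionError("proxy refused CONNECT: %r" % reply[:60])
    return _leaf_der(sock, host)

def same_certificate(der_a, der_b):
    """Compare two DER certificates by SHA-256 fingerprint."""
    return hashlib.sha256(der_a).digest() == hashlib.sha256(der_b).digest()
```

If `same_certificate` returns False for the direct and proxied results, the proxy is presenting its own certificate, and that is the one a client behind the proxy will see.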




            plynch Peter Lynch