22

I am trying to download kotlin plugin for eclipse. I am able to connect to eclipse marketplace, but when i try to download it, I get an error: 

Unable to read repository at 
https://dl.bintray.com/jetbrains/kotlin/eclipse-plugin/last/content.xml.

sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: 
unable to find valid certification path to requested target

I am behind a firewall and proxy settings are configured. I downloaded a certificate from this website and added it to keytool but the error is still the same. How I can resolve this error or install this plugin manually?

Improve this question
7
  • Which version of Eclipse are you using? Commented Nov 18, 2016 at 2:34
  • It is Eclipse Neon.1 Commented Nov 18, 2016 at 2:46
  • 1
    1. There is a related question in the in the knowledge base of JFrog (the company behind Bintray), which suggests updating the JVM as a step - which version are using? 2. Do other update sites, such as the ones on eclipse.org work? Commented Nov 18, 2016 at 3:01
  • Thank you for the link! I was able to resolve my issue by appending -Dorg.eclipse.ecf.provider.filetransfer.excludeContributors=org.eclipse.ecf.provider.filetransfer.httpclient4 to the end of eclipse.ini file. Found out about it here: stackoverflow.com/a/33631964/4447655 I will look at your link as well, thank you! Other updates worked. Commented Nov 18, 2016 at 3:14
  • Don't edit the solution into your question. Answer your own question instead. Commented Nov 18, 2016 at 3:17

9 Answers 9

Reset to default
29

Given exception is very clear:

sun.security.validator.ValidatorException

meaning that certificate that eclipse gets doesn't match with the host that eclipse talks to - or a variation of this story. This is due to corporate environments where your workstation is intercepted by proxy, firewall or something that inspects https traffic.

1. Add intercepting certificate to cacerts of java

Use command line to add "intercepting certificates" (see ps) into java cacerts keystore (or use some GUI like "KeyStore Explorer" or whatever google gives).

Reference: How to properly import a selfsigned certificate into Java keystore that is available to all Java applications by default?

2. Fix eclipse.ini and add below "-vmargs":

-Djavax.net.ssl.trustStore=cacerts 
-Djavax.net.ssl.trustStorePassword=changeit

Note: use full path for "cacerts", I keep cacerts in eclipse folder. Avoid spaces and absolutely no quotes or you run into trustAnchors exception.

Now market store and "install new software" should work as it did for me. Good luck.

PS: To find intercepting certificate, open browser, go to stackoverflow.com, click on browser lock icon next to https sign, download all certificates you find and save them as file pem/cer. Import these into cacerts.

PS: More details on command line, trustAnchors exception because of quotes and spaces, here: stackoverflow and stackoverflow.

Remark to title and answer: -Dorg.eclipse.ecf.provider.filetransfer.excludeContributors=org.eclipse.ecf.provider.filetransfer.httpclient4 - is not addressing explained exception. It solves other type of problem. And title should be "Can't install Eclipse plugins due to certificate validation exception".

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

8

Was able to solve the issue by appending the following to the eclipse.ini: 

-Dorg.eclipse.ecf.provider.filetransfer.excludeContributors=org.eclipse.ecf.provider.filetransfer.httpclient4

Found the above solution here: https://stackoverflow.com/a/33631964/4447655 There is also solution if this still does not work, to uncheck SOCKS in the eclipse proxy settings.

Improve this answer

Comments

3

While setting proxy setting in eclipse you will get three proxy entries to be configured HTTP, HTTPS and SOCKS. Configure username and password in HTTP and HTTPS proxy entries, but not in SOCKS. Try this, it may help.

Also make sure the username and password you are typing is correct.

After configuration please restart eclipse, it is required for taking the effect of configuration.

Improve this answer

Comments

2

Adding below lines in eclipse.ini resolved the issue

-Djavax.net.ssl.trustStore=NUL
-Djavax.net.ssl.trustStoreType=Windows-ROOT
Improve this answer

1 Comment

Learn to use markdown to format your posts.
1

download the plugin manually from here

https://dl.bintray.com/jetbrains/kotlin/eclipse-plugin/0.8.5/

(check if there is a latest version here)

https://dl.bintray.com/jetbrains/kotlin/eclipse-plugin

then

  1. create a directory called kotlin-plugin and copy the features and plugins directory (with all the downloaded jars in it) into it.
  2. close eclipse
  3. copy the kotlin-plugin directory into ${eclipse-install}/dropins
  4. start eclipse
Improve this answer

Comments

0

Resolved by upgrading JVM (and the trusted certs ?)

Improve this answer

Comments

0

You may try this solution:

> sudo apt-get install ca-certificates-java
> sudo update-ca-certificates -f

add to eclipse.ini

-Dorg.eclipse.ecf.provider.filetransfer.excludeContributors=org.eclipse.ecf.provider.filetransfer.httpclient4
Improve this answer

Comments

0

This is how i resolved it -

  1. Made sure i have only one JDK version in C:\Program Files\Java, i.e. only one version of java is installed. and added below lines at end of the file- C:\Users\xyz\OneDrive - AEP\eclipse\eclipse.ini

    -Djavax.net.ssl.trustStore=cacerts

    -Djavax.net.ssl.trustStorePassword=changeit

  2. Open URL - https://ecd-plugin.github.io/update/ in edge browser

  3. Clicked on lock icon on left side of the URL as shown in below screenshot[lock] 1

  4. Click on "Connection is Secure"[connection is secure] 2

  5. Click on Certificate View icon [Certificate view] 3

  6. Click on Details tab -->export button[Details] 4

  7. Change the "Save as type" to "DER-encoded binary, single certificate", enter the file name I used 'ecd-plugin.github.io' and save.[savefile] 5

  8. Open command promt and go to jdk folder lib security e.g. 'C:\Program Files\Java\jdk-21\lib\security'

  9. Make sure to set the PATH using below command, to avoid error - "'keytool' is not recognized as an internal or external command, operable program or batch file."

    set PATH=%PATH%;C:\Program Files\Java\jdk-21\bin

  10. write below command -

    C:\Program Files\Java\jdk-21\lib\security>keytool -import -alias C:\Users\xyz\Downloads\ecd-plugin.github.io -keystore "C:\Program Files\Java\jdk-21\lib\security\cacerts" -file C:\Users\xyz\Downloads\ecd-plugin.github.io.der

  11. Type Yes, as answer to the question it asked , you may need elevated access/full access to jdk folder to this if you are not admin.

  12. Once certificate is imported successful, restart the eclipse and redo the steps to install the plugin ..it worked for me after this.

Improve this answer

1 Comment

Hi, welcome to Stack Overflow, please understand that it would be excessive for users to click on every image (especially when there are a few); Stack Overflow supports direct image insertion. Other than that, it seems all good to go. Happy coding!
0

Most useful approach is import the certificate.

  1. You can check the certificate of your HTTPS site and export it from browser.

  2. You can easily import it in cacerts by Keytool command from your java path inside bin. run below command:

keytool -keystore ..\lib\security\cacerts -import -alias example2 -file <path_to_expotrted cert in step 4> use password - changeit
  1. Also add below command to your eclipse.ini file to read the truststore from cacerts
-Djavax.net.ssl.trustStore=C:\Program Files\Java\jdk-22\lib\security\cacerts

NOTE: Please change C:\Program Files\Java\jdk-22 to your JDK.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.