The Issue
As a Mulesoft developer, we will need to download connectors from Anypoint exchange periodically. When we try to connect to Mulesoft Anypoint Exchange, which is the repository for Mulesoft related connectors and other libraries, we may get SSH Handshake exception, in particular, using corporate provided laptop. Here is the top part of the exception message:eclipse.buildId=unknown java.version=1.8.0_212 java.vendor=Oracle Corporation BootLoader constants: OS=win32, ARCH=x86_64, WS=win32, NL=en_US Command-line arguments: -os win32 -ws win32 -arch x86_64 org.mule.tooling.core Error Thu Jul 11 17:49:09 CDT 2019 The following exceptions were encountered while resolving dependency com.mulesoft.connectors:mule-salesforce-connector:9.7.6: java.lang.RuntimeException: There was an issue resolving the dependency tree for the bundleDescriptors [[BundleDescriptor{groupId='com.mulesoft.connectors', artifactId='mule-salesforce-connector', baseVersion='null', version='9.7.6', type='jar', classifier=Optional[mule-plugin]}, BundleDescriptor{groupId='org.mule.connectors', artifactId='mule-objectstore-connector', baseVersion='null', version='1.0.0', type='jar', classifier=Optional[mule-plugin]}]] at org.mule.maven.client.internal.AetherMavenClient.resolvePluginBundleDescriptorsDependencies(AetherMavenClient.java:322) at org.mule.tooling.core.m2.internal.MuleMavenClientResolver.resolvePluginDependencies(MuleMavenClientResolver.java:80) at org.mule.tooling.core.module.internal.runner.DownloadTask.doRun(DownloadTask.java:76) at org.mule.tooling.core.module.internal.runner.Task.run(Task.java:65) at org.mule.tooling.core.module.internal.runner.DownloadTask.run(DownloadTask.java:1) at org.mule.tooling.core.module.internal.runner.ArtifactResolvingRunner$ArtifactJob.run(ArtifactResolvingRunner.java:212) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:56) Caused by: org.eclipse.aether.collection.DependencyCollectionException: Failed to collect dependencies at com.mulesoft.connectors:mule-salesforce-connector:jar:mule-plugin:9.7.6 -> com.mulesoft.connectors:mule-connector-commons:jar:2.1.1 at org.eclipse.aether.internal.impl.DefaultDependencyCollector.collectDependencies(DefaultDependencyCollector.java:291) at org.eclipse.aether.internal.impl.DefaultRepositorySystem.collectDependencies(DefaultRepositorySystem.java:316) at org.mule.maven.client.internal.AetherMavenClient.doResolveDependencies(AetherMavenClient.java:408) at org.mule.maven.client.internal.AetherMavenClient.resolvePluginBundleDescriptorsDependencies(AetherMavenClient.java:314) ... 6 more Caused by: org.eclipse.aether.resolution.ArtifactDescriptorException: Failed to read artifact descriptor for com.mulesoft.connectors:mule-connector-commons:jar:2.1.1 at org.apache.maven.repository.internal.DefaultArtifactDescriptorReader.loadPom(DefaultArtifactDescriptorReader.java:282) at org.apache.maven.repository.internal.DefaultArtifactDescriptorReader.readArtifactDescriptor(DefaultArtifactDescriptorReader.java:198) at org.eclipse.aether.internal.impl.DefaultDependencyCollector.resolveCachedArtifactDescriptor(DefaultDependencyCollector.java:535) at org.eclipse.aether.internal.impl.DefaultDependencyCollector.getArtifactDescriptorResult(DefaultDependencyCollector.java:519) at org.eclipse.aether.internal.impl.DefaultDependencyCollector.processDependency(DefaultDependencyCollector.java:409) at org.eclipse.aether.internal.impl.DefaultDependencyCollector.processDependency(DefaultDependencyCollector.java:363) at org.eclipse.aether.internal.impl.DefaultDependencyCollector.process(DefaultDependencyCollector.java:351) at org.eclipse.aether.internal.impl.DefaultDependencyCollector.doRecurse(DefaultDependencyCollector.java:504) at org.eclipse.aether.internal.impl.DefaultDependencyCollector.processDependency(DefaultDependencyCollector.java:458) at org.eclipse.aether.internal.impl.DefaultDependencyCollector.processDependency(DefaultDependencyCollector.java:363) at org.eclipse.aether.internal.impl.DefaultDependencyCollector.process(DefaultDependencyCollector.java:351) at org.eclipse.aether.internal.impl.DefaultDependencyCollector.collectDependencies(DefaultDependencyCollector.java:254) ... 9 more Caused by: org.eclipse.aether.resolution.ArtifactResolutionException: Could not transfer artifact com.mulesoft.connectors:mule-connector-commons:pom:2.1.1 from/to mulesoft-releases (https://repository.mulesoft.org/releases/): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolve(DefaultArtifactResolver.java:444) at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolveArtifacts(DefaultArtifactResolver.java:246) at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolveArtifact(DefaultArtifactResolver.java:223) at org.apache.maven.repository.internal.DefaultArtifactDescriptorReader.loadPom(DefaultArtifactDescriptorReader.java:267) ... 20 moreThis article describes the procedures to fix this kind of issues.
Find The Root Cause
Problems solving skills are really about to find the root cause of the issue. In this issue, if we look the error message carefully, we will find the following:
Caused by: org.eclipse.aether.resolution.ArtifactResolutionException: Could not transfer artifact com.mulesoft.connectors:mule-connector-commons:pom:2.1.1 from/to mulesoft-releases (https://repository.mulesoft.org/releases/): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
What this error message is saying that Java process was trying to transfer data from host of: repository.mulesoft.org. The problem is the SSL Handshake. To resolve this kind of problem we need to import the certificate from the site to cacerts.
Tasks
In this article, I only import 3 certificates from the following site:
- anypoint.mulesoft.com
- maven.anypoint.mulesoft.com
- release.anypoint.mulesoft.com
Prerequisites
- On Windows install Cygwind
- Have Admin privilege of the laptop
Solutions
When we connect to Mulesoft Anypoint Exchange, AnypointStudio needs to go through SSL Handshake procedure before we can see the download page. If this process failed, typically, AnypointStudio (a java process) could not store the certificate), the SSHHandshakeException will be thrown by the studio. The following steps will fix the issue:Step One: Download certificate from anypoint.mulesoft.com
openssl s_client -connect anypoint.mulesoft.com:443 -showcerts </dev/null 2>/dev/null |openssl x509 -outform PEM >anypoint.pemStep Two: Download certificate from maven.anypoint.mulesoft.com
openssl s_client -connect maven.anypoint.mulesoft.com:443 -showcerts </dev/null 2>/dev/null | openssl x509 -outform PEM >mulesoft.maven.pemStep Three: Download certificate from repository.anypoint.mulesoft.com
openssl s_client -connect repository.mulesoft.org:443 -showcerts </dev/null 2>/dev/null | openssl x509 -outform PEM >mulesoft.repo.pemStep Four: Copy the 3 certificates
cp *.pem /cygdrive/c/’Program Files’/Java/jdk1.8.0_212/jre/lib/securityAs you can see that I am using cygwin on Windows. On Macbook Pro, the JAVA_HOME is may be different. In this case the JAVA_HOME is under:
/cygdrive/c/’Program Files’/Java/jdk1.8.0_212Step Five: Import the certificate to cacerts
/cygdrive/c/’Program Files’/Java/jdk1.8.0_212/jre/lib/security keytool -import -alias anypoint -keystore cacerts -file anypoint.pemRepeat the same procedure for the other 2 certificaes. Step Fix: Restart Anypoint Studio