today my colleagues and I spent some time looking into an issue with the Maven release plugin.
A new hire was trying to run release:perform on an svn repo he had never deployed to before. The command would hang unsuccessfully and the artifacts would never get deployed; the error displayed was:
[INFO] Error validating server certificate for 'https://forge.onehippo.org:443':
[INFO] - The certificate is not issued by a trusted authority. Use the
[INFO] fingerprint to validate the certificate manually!
[INFO] - The certificate hostname does not match.
[INFO] Certificate information:
[INFO] - Subject: CN=*.onehippo.org, OU=Domain Control Validated, O=*.onehippo.org
[INFO] - Valid: from Mon Aug 01 15:57:43 CEST 2011 until Thu Aug 02 21:19:06 CEST 2012
[INFO] - Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
[INFO] - Fingerprint: cb:6c:4e:0e:4a:fa:63:3d:f9:e1:ef:c1:e6:81:b5:bc:7a:4e:dd:f8
After numerous attempts and some advice from a senior developer we solved the issue by checking out a fresh copy of the tag to a temporary folder and running
mvn deployfrom there.This let us the option to answer the user input prompt and accept the certificate, which is not possible if deploy is run though the release plugin. As you can see the problem is that the Java default SSL implementation doesn’t recognize wildcard certificates, thus failing to validate (perfectly) matching hostnames.
Since this problem seldom happens and if it does, only when a user is beginning to use a specific repository, it is an easily forgotten gotcha.