Help us understand the problem. What is going on with this article?

Eclipseでgradleプロジェクト作成時、証明書エラーで失敗した場合

More than 3 years have passed since last update.

社内のPCに導入したEclipseから、gradleプロジェクトを作成しようとしたが、証明書エラーが出て、試行錯誤したので、メモ。

1. エラー内容

gradleプロジェクトを作成しようとした際に、HTTPS通信を行い、そこで「PKIX path building failed(PKIパスの構築に失敗)」とエラーになっていた。
最近、社内でWebプロキシの強化が行われ、CA証明書とWebproxy証明書を持ってないと、通信できなくなった影響と思われる。

Loading Gradle project preview failed due to an error connecting to the Gradle build.
Could not install Gradle distribution from 'https://services.gradle.org/distributions/gradle-3.5-bin.zip'.

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
unable to find valid certification path to requested target
org.gradle.tooling.GradleConnectionException: Could not install Gradle distribution from 'https://services.gradle.org/distributions/gradle-3.5-bin.zip'.
    at org.gradle.tooling.internal.consumer.DistributionFactory$ZippedDistribution.getToolingImplementationClasspath(DistributionFactory.java:129)
    at org.gradle.tooling.internal.consumer.loader.CachingToolingImplementationLoader.create(CachingToolingImplementationLoader.java:40)
    at org.gradle.tooling.internal.consumer.loader.SynchronizedToolingImplementationLoader.create(SynchronizedToolingImplementationLoader.java:43)
    at org.gradle.tooling.internal.consumer.connection.LazyConsumerActionExecutor.onStartAction(LazyConsumerActionExecutor.java:101)
    at org.gradle.tooling.internal.consumer.connection.LazyConsumerActionExecutor.run(LazyConsumerActionExecutor.java:83)
    at org.gradle.tooling.internal.consumer.connection.CancellableConsumerActionExecutor.run(CancellableConsumerActionExecutor.java:45)
    at org.gradle.tooling.internal.consumer.connection.ProgressLoggingConsumerActionExecutor.run(ProgressLoggingConsumerActionExecutor.java:58)
    at org.gradle.tooling.internal.consumer.connection.RethrowingErrorsConsumerActionExecutor.run(RethrowingErrorsConsumerActionExecutor.java:38)
    at org.gradle.tooling.internal.consumer.async.DefaultAsyncConsumerActionExecutor$1$1.run(DefaultAsyncConsumerActionExecutor.java:55)
    at org.gradle.internal.concurrent.ExecutorPolicy$CatchAndRecordFailures.onExecute(ExecutorPolicy.java:63)
    at org.gradle.internal.concurrent.StoppableExecutorImpl$1.run(StoppableExecutorImpl.java:46)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:748)
    at org.gradle.tooling.internal.consumer.BlockingResultHandler.getResult(BlockingResultHandler.java:46)
    at org.gradle.tooling.internal.consumer.DefaultModelBuilder.get(DefaultModelBuilder.java:50)
    at org.gradle.tooling.internal.consumer.DefaultProjectConnection.getModel(DefaultProjectConnection.java:41)
    at org.eclipse.buildship.core.workspace.internal.ConnectionAwareLauncherProxy.newBuildLauncher(ConnectionAwareLauncherProxy.java:79)
    at org.eclipse.buildship.core.workspace.internal.DefaultGradleBuild.newBuildLauncher(DefaultGradleBuild.java:89)
    at org.eclipse.buildship.ui.wizard.project.ProjectCreationWizard$NewGradleProjectInitializer.run(ProjectCreationWizard.java:284)
    at org.eclipse.buildship.core.projectimport.ProjectPreviewJob.runToolingApiJobInWorkspace(ProjectPreviewJob.java:73)
    at org.eclipse.buildship.core.util.progress.ToolingApiWorkspaceJob$1.run(ToolingApiWorkspaceJob.java:79)
    at org.eclipse.buildship.core.util.progress.ToolingApiInvoker.invoke(ToolingApiInvoker.java:62)
    at org.eclipse.buildship.core.util.progress.ToolingApiWorkspaceJob.runInWorkspace(ToolingApiWorkspaceJob.java:76)
    at org.eclipse.core.internal.resources.InternalWorkspaceJob.run(InternalWorkspaceJob.java:39)
    at org.eclipse.core.internal.jobs.Worker.run(Worker.java:56)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1546)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1474)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
    at org.gradle.wrapper.Download.downloadInternal(Download.java:66)
    at org.gradle.wrapper.Download.download(Download.java:51)
    at org.gradle.tooling.internal.consumer.DistributionInstaller$1.run(DistributionInstaller.java:129)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
    ... 15 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
    ... 21 more

2. 解決方法

あれこれ試したが、最終的には「Eclipse自身が用いているjavaのkeystoreにCA証明書とWebproxy証明書を導入する」で落ち着いた。

※Eclipse内のJavaが用いているkeystoreとは別物なので要注意。
 (これで数時間ハマりました…)

2.1. CA証明書の導入

<Eclipseのパス>\eclipse\jre\bin>keytool -import -keystore <Eclipseのパス>\eclipse\jre\jre\lib\security\cacerts -alias CA -file <CA証明書までのパス>\ca.cer

2.2. Webproxy証明書の導入

<Eclipseのパス>\eclipse\jre\bin>keytool -import -keystore <Eclipseのパス>\eclipse\jre\jre\lib\security\cacerts -alias Webproxy -file <Webproxy証明書までのパス>\webproxy.cer

3. プロジェクト作成成功

:wrapper
:init

BUILD SUCCESSFUL

Total time: 10.028 secs

CONFIGURE SUCCESSFUL

Total time: 2.807 secs

CONFIGURE SUCCESSFUL

Total time: 4.953 secs
Download https://jcenter.bintray.com/org/apache/commons/commons-math3/3.6.1/commons-math3-3.6.1.pom
Download https://jcenter.bintray.com/org/apache/commons/commons-parent/39/commons-parent-39.pom
Download https://jcenter.bintray.com/org/apache/apache/16/apache-16.pom
Download https://jcenter.bintray.com/com/google/guava/guava/21.0/guava-21.0.pom
Download https://jcenter.bintray.com/com/google/guava/guava-parent/21.0/guava-parent-21.0.pom
Download https://jcenter.bintray.com/org/sonatype/oss/oss-parent/7/oss-parent-7.pom
Download https://jcenter.bintray.com/org/apache/commons/commons-math3/3.6.1/commons-math3-3.6.1.jar
Download https://jcenter.bintray.com/com/google/guava/guava/21.0/guava-21.0.jar
Download https://jcenter.bintray.com/org/apache/commons/commons-math3/3.6.1/commons-math3-3.6.1-sources.jar
Download https://jcenter.bintray.com/com/google/guava/guava/21.0/guava-21.0-sources.jar

CONFIGURE SUCCESSFUL

Total time: 0.184 secs
:wrapper
:init

BUILD SUCCESSFUL

Total time: 0.327 secs

CONFIGURE SUCCESSFUL

Total time: 0.279 secs
miz21358
仕事やら趣味でプログラミングとか周辺をごそごそやってます。 「手を抜く為の手間は惜しまない」がモットー。 Java, Python, Sikuli, Elasticsearch, Kibana, Monaca, JavaScript, bot, Windowsバッチ, VBScript, Excel マクロ
Why not register and get more from Qiita?
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away
Comments
No comments
Sign up for free and join this conversation.
If you already have a Qiita account
Why do not you register as a user and use Qiita more conveniently?
You need to log in to use this function. Qiita can be used more conveniently after logging in.
You seem to be reading articles frequently this month. Qiita can be used more conveniently after logging in.
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away
ユーザーは見つかりませんでした