Unable to publish specs or create Maven project due to PKIX error

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

When creating a new Java specs Maven project or trying to publish the specs it results in a fatal error.

Diagnosis

In the Maven output we can see the following error:

1 2 3 [INFO] Downloading from central: https://repo.maven.apache.org/maven2/com/atlassian/bamboo/bamboo-specs-parent/7.2.4/bamboo-specs-parent-7.2.4.pom [ERROR] [ERROR] Some problems were encountered while processing the POMs: [FATAL] Non-resolvable parent POM for bambooproject:bamboo-specs:1.0.0: Could not transfer artifact com.atlassian.bamboo:bamboo-specs-parent:pom:7.2.4 from/to central (https://repo.maven.apache.org/maven2): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target and 'parent.relativePath' points at no local POM @ line 5, column 11

Cause

For an explanation on what's the PKIX error, please check the Cause section of the documentation below:

Solution

  1. Run "mvn --version" to check which Java Maven is using;

  2. Navigate to the Java home returned in the command above;

  3. Find the Java cacerts. For JDK the default path is $JAVA_HOME/jre/lib/security/cacerts

  4. Run the command below replacing <Cacerts Location>:

1 2 3 4 5 6 7 set HOST=repo.maven.apache.org set PORT=443 openssl s_client -connect %HOST%:%PORT% < NUL |^ sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' |^ keytool -noprompt -import -v -trustcacerts -alias %HOST%^ -keystore "<Cacerts Location>"^ -keypass changeit -storepass changeit

If the error persists, check the certificates needed to connect to https://repo.maven.apache.org/maven2, most of the browsers have an option to check the website certificates. Run the command below replacing <Cacerts Location>, and changing the storepass (the default value is changeit):

1 keytool -list -v -keystore <Cacerts Location> -storepass changeit

If any of the certificates are missing, import it following: How to import a public SSL certificate into a JVM

Updated on March 13, 2025
Platform
Data Center only
Product
Bamboo Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community