Eclipse integrated Maven - which JRE/trust store is used for dependency download?

[jpstotz]

I have several Maven projects and a private Maven repository where my self-developed dependencies are available for download. The repository is hosted inside a GitLab server and the server has a common trusted HTTPS certificate (root CA is HARICA TLS ECC Root CA 2021).
When I now add a new dependency that is located on that private repo Maven I get the error PKIX path building failed\: sun.security.provider.certpath.SunCertPathBuilderException\: unable to find valid certification path to requested target which means that the root CA is not trusted

When I connect to that server via https in a Java program everything works. I even checked the cacerts file of the JustJ JRE included in Eclipse and the used HARICA cert is included there.

So my main question is which JRE respectively which trust store is used to perform dependency resolution and download operations?

[laeubi]

So my main question is which JRE respectively which trust store is used to perform dependency resolution and download operations?

The same that is used to launch your Eclipse

[jpstotz]

@laeubi Thanks, for your reply. I was able to verify that by misusing the Eclipse Software Update functionality. If I add the URL of my private maven repo as a software update repo (yes I know this won't work, it was just for testing the https connection) I also get the .SunCertPathBuilderException: unable to find valid certification path to requested target which was expected.

I checked eclipse.ini, found there that Eclipse uses by default Windows system root CA store: -Djavax.net.ssl.trustStoreType=Windows-ROOT and of course Window is the only one that does not trust the HARICA TLS ECC Root CA 2021...