Resolve issue of unable to find valid certification path to requested target

Issue:

:: problems summary ::
:::: WARNINGS
                module not found: joda-time#joda-time;[2.2,)

        ==== local-m2-cache: tried

          file:/root/.m2/repository/joda-time/joda-time/[revision]/joda-time-[revision].pom

          -- artifact joda-time#joda-time;[2.2,)!joda-time.jar:

          file:/root/.m2/repository/joda-time/joda-time/[revision]/joda-time-[revision].jar

        ==== local-ivy-cache: tried

          /root/.ivy2/local/joda-time/joda-time/[revision]/ivys/ivy.xml

          -- artifact joda-time#joda-time;[2.2,)!joda-time.jar:

          /root/.ivy2/local/joda-time/joda-time/[revision]/jars/joda-time.jar

        ==== central: tried

          https://repo1.maven.org/maven2/joda-time/joda-time/[revision]/joda-time-[revision].pom

          -- artifact joda-time#joda-time;[2.2,)!joda-time.jar:

          https://repo1.maven.org/maven2/joda-time/joda-time/[revision]/joda-time-[revision].jar

        ==== spark-packages: tried

          http://dl.bintray.com/spark-packages/maven/joda-time/joda-time/[revision]/joda-time-[revision].pom

          -- artifact joda-time#joda-time;[2.2,)!joda-time.jar:

          http://dl.bintray.com/spark-packages/maven/joda-time/joda-time/[revision]/joda-time-[revision].jar

                ::::::::::::::::::::::::::::::::::::::::::::::

                ::          UNRESOLVED DEPENDENCIES         ::

                ::::::::::::::::::::::::::::::::::::::::::::::

                :: joda-time#joda-time;[2.2,): not found

                ::::::::::::::::::::::::::::::::::::::::::::::


:::: ERRORS
        Server access error at url https://repo1.maven.org/maven2/joda-time/joda-time/maven-metadata.xml (javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)

        Server access error at url https://repo1.maven.org/maven2/joda-time/joda-time/ (javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)

        Server access error at url https://repo1.maven.org/maven2/joda-time/joda-time/ (javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)


:: USE VERBOSE OR DEBUG MESSAGE LEVEL FOR MORE DETAILS
Exception in thread "main" java.lang.RuntimeException: [unresolved dependency: joda-time#joda-time;[2.2,): not found]
        at org.apache.spark.deploy.SparkSubmitUtils$.resolveMavenCoordinates(SparkSubmit.scala:1076)
        at org.apache.spark.deploy.SparkSubmit$.prepareSubmitEnvironment(SparkSubmit.scala:294)
        at org.apache.spark.deploy.SparkSubmit$.submit(SparkSubmit.scala:158)
        at org.apache.spark.deploy.SparkSubmit$.main(SparkSubmit.scala:124)
        at org.apache.spark.deploy.SparkSubmit.main(SparkSubmit.scala)

　　

Solution:

Step 1 get open pem from remote server

openssl s_client -showcerts -connect repo1.maven.org:443
CONNECTED(00000003)
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Atlas R3 DV TLS CA H2 2021
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
 0 s:/CN=repo1.maven.org
   i:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Atlas R3 DV TLS CA H2 2021
-----BEGIN CERTIFICATE-----
MIIGXzCCBUegAwIBAgIQAfwQxYtWLZ0zCp/PceiCljANBgkqhkiG9w0BAQsFADBY
MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEuMCwGA1UE
AxMlR2xvYmFsU2lnbiBBdGxhcyBSMyBEViBUTFMgQ0EgSDIgMjAyMTAeFw0yMTA5
MDcxMzUxNTJaFw0yMjEwMDkxMzUxNTFaMBoxGDAWBgNVBAMMD3JlcG8xLm1hdmVu
Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANgobf8Ja1z0BNv/
orejpy4r2c411hUnEx4ua+uVZG/GvT3ToUKuBVUS9/7tAB/emx/yhCVHTfOMIL9K
WM/R22PRvaWBWtJBS979gVzqabsrLyEacO20juwMJuvgMC0DLThej8bt/I8Fwdfz
lTWp6FUnxYqOroHVi1tjFgaN2ApRSwNc0rfEWePlIakvPqXbr04gvVIezdZ/FMip
3WnHS+LPLCKudrPAOLs1kknrjMfCfb+RXbYU264XbqycT2PRdEnyLTDeW+SuOmLQ
rV6+TRinjCvT/YigQj9+Xuw6kdLyaJRPMWhpAfYO9/3wXdF9Zqab2GCpzosFRAUy
JTbX3dkCAwEAAaOCA2EwggNdMBoGA1UdEQQTMBGCD3JlcG8xLm1hdmVuLm9yZzAO
BgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0G
A1UdDgQWBBRot2FeIvPGt8FQFs3xM/XG7sWjYTBXBgNVHSAEUDBOMAgGBmeBDAEC
ATBCBgorBgEEAaAyCgEDMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2Jh
bHNpZ24uY29tL3JlcG9zaXRvcnkvMAwGA1UdEwEB/wQCMAAwgZ4GCCsGAQUFBwEB
BIGRMIGOMEAGCCsGAQUFBzABhjRodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9j
YS9nc2F0bGFzcjNkdnRsc2NhaDIyMDIxMEoGCCsGAQUFBzAChj5odHRwOi8vc2Vj
dXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2F0bGFzcjNkdnRsc2NhaDIyMDIx
LmNydDAfBgNVHSMEGDAWgBQqNLmq+r88iPFH8tISeL7F5aqwaTBIBgNVHR8EQTA/
MD2gO6A5hjdodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL2NhL2dzYXRsYXNyM2R2
dGxzY2FoMjIwMjEuY3JsMIIBfAYKKwYBBAHWeQIEAgSCAWwEggFoAWYAdQBvU3as
MfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAXvAh4jxAAAEAwBGMEQCIHt8
Oy5/yZ680giiJ3wgdossTDpjkkeTB8mu/WAnO+82AiBe84FRS8NS7EWcp4mpfoZP
6gFo15l3ddA8a9fsiSoweAB1AEalVet1+pEgMLWiiWn0830RLEF0vv1JuIWr8vxw
/m1HAAABe8CHiPEAAAQDAEYwRAIgdKvwqMAbDsoBnFDADTFylmVcSNx/kIydBYFh
Po56YAsCIBRtaAnu+eKyqGwRdagHWbLICz/j4NbeU6sESRi6jIcSAHYAUaOw9f0B
eZxWbbg3eI8MpHrMGyfL956IQpoN/tSLBeUAAAF7wIeJZwAABAMARzBFAiBI7oHB
nWAzasJ+EzwKZmZ9UOzhvxjepJRoN0mSNKWYnQIhALJTAsgpKhiRlobmfRcSH4Gv
L7EbxHVIkQp8A757IopYMA0GCSqGSIb3DQEBCwUAA4IBAQCcNBfFLwFGQ2HgvqJg
jfrosBwwWFtouBmKtDvYIRd4WRXhLQiVtNQO2lbCbCI7T3DeZ03f4Xh0MN23woZi
xe8joA3FEoEivp6KJDhX6LXD/cPsZDifrX0WOOsphGwklRBwkIgtJAaKYUXdC0Bj
MssxiHcyRUiEEOWE25sDpvfi+1aZQMUuaQci3YfWCm8zi3qhd3c2NnxeZPJOQQhp
CH7kqrEE12tcfkjH+ahUW6M4KX+8di5RK3XtgD3ofblISk4Ue/p1S9N3J3yphd4u
/7O1DK8HU/s1ugfq8ggjR3zQeid1CYAeM5BU7kFVITNgNPwWDPV1MtYPQp5xyNIp
qjOI
-----END CERTIFICATE-----
 1 s:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Atlas R3 DV TLS CA H2 2021
   i:/OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign
-----BEGIN CERTIFICATE-----
MIIExTCCA62gAwIBAgIQeimFGrf0XWZ5UGZBtv/XHTANBgkqhkiG9w0BAQsFADBM
MSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xv
YmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0yMTA2MTYxMjAwMDBaFw0y
NDA2MTYwMDAwMDBaMFgxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWdu
IG52LXNhMS4wLAYDVQQDEyVHbG9iYWxTaWduIEF0bGFzIFIzIERWIFRMUyBDQSBI
MiAyMDIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1JTAQMj+QUYF
3d9X5eOWFOphbB6GpHE3J0uvUXcQwxnd8Jz26aQCE1ZYxJFEc2WmsxuVeVXU+rZj
7+MYD7Mg72bhuiwUdwRGRN4a2N122LfIQlTFlHu/fwcNqYX/fe3phvZt9upnH4oJ
aLBbay+t+HPPC4em74x2WKaIl31ZXzgzllLomnlLISLOKiQe1rEHp4yy3/yE2a4G
1l/lprA49dcyM/oylm9Bbkum2F4C+EOjHgTAoDVJrJpdWvPj0CU+HkmftujfFp4S
55LECSr2TfJt7xjgR3eLUx12nlpoauWEzZ0/i6OIDPfbmqcksw4ani/YO07LbRM6
cY9VZzkAvwIDAQABo4IBlTCCAZEwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQG
CCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQW
BBQqNLmq+r88iPFH8tISeL7F5aqwaTAfBgNVHSMEGDAWgBSP8Et/qC5FJK5NUPpj
move4t0bvDB7BggrBgEFBQcBAQRvMG0wLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3Nw
Mi5nbG9iYWxzaWduLmNvbS9yb290cjMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9zZWN1
cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L3Jvb3QtcjMuY3J0MDYGA1UdHwQvMC0w
K6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vcm9vdC1yMy5jcmwwVwYD
VR0gBFAwTjAIBgZngQwBAgEwQgYKKwYBBAGgMgoBAzA0MDIGCCsGAQUFBwIBFiZo
dHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzANBgkqhkiG9w0B
AQsFAAOCAQEAEsIwXEhdAfoUGaKAnYfVI7zsOY7Sx8bpC/obGxXa4Kyu8CVx+TtT
g8WmKNF7+I7C51NZEmhvb8UDI1G9ny7iYIRDajQD5AeZowbfC69aHQSI9LiOeAZb
YaRDJfWps9redPwoaC0iT5R4xLOnWwCtmIho1bv/YG3pMAvaQ+qn04kuUvWO7LEp
u7FdHmx1DdgkefcqYgN/rAZ8E39S9VxWV+64PNUDey8vkAIH8FCTxbWiITty6dsH
SulKQ9pSa93k9PHTf+di08mMQBq5WBWTiFeMYZEWyE/z7NHdU3eLMZjq6y/nKlF9
nywrToh4AgdZK6JnbU+lqbNiexJbaBoA3w==
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=repo1.maven.org
issuer=/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Atlas R3 DV TLS CA H2 2021
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3517 bytes and written 415 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 582F44D83554C1B7ACD7E63D411CF3560FB2B19FEEE00E05BDE324CDD045F62A
    Session-ID-ctx:
    Master-Key: 0A0A1FEFBCD31D60CD43210CC0BCCDAA087B18C593FCE8E802257E1F3D45D2F1BBED6F92B9EAC91C247EFB77894DBBDE
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - 9f e7 51 f2 2c 8a b3 b4-d3 ee 43 5e 49 d4 df 65   ..Q.,.....C^I..e
    0010 - ea 97 81 1a bf 53 57 37-81 8e 33 46 76 77 48 67   .....SW7..3FvwHg
    0020 - 05 29 04 7d 55 89 3d 8f-67 05 f5 1a 52 5d d2 f4   .).}U.=.g...R]..
    0030 - 5a 0f 72 85 33 91 e6 b5-90 b3 bf 1a f0 e5 c4 2b   Z.r.3..........+
    0040 - 13 04 f5 3f 9b ce 58 e9-cc b9 f2 b5 2b fa 7b 81   ...?..X.....+.{.
    0050 - a1 03 32 ed 68 51 38 3f-b3 dc b3 a4 99 8e a7 cd   ..2.hQ8?........
    0060 - 24 08 c9 57 e4 57 85 d4-73 4b b4 2a a7 c0 b5 87   $..W.W..sK.*....
    0070 - 09 0e e1 cd ab 0e 8f ae-2a cd 2a af 97 c9 6e 29   ........*.*...n)
    0080 - 78 9d 3b cf a3 5b 9c e4-67 5e 5e a5 f1 cf ae c8   x.;..[..g^^.....
    0090 - 39 1d ad f9 ad 07 ed 1d-bd 3f d2 c7 e8 a9 44 09   9........?....D.

    Start Time: 1631174285
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---


closed　

将所有CERTIFICATE文件保存到root.crt 中

执行命令keytool -importcert -keystore /usr/lib/jvm/jre-1.7.0-openjdk.x86_64/lib/security/cacerts -storepass changeit -file root.crt -alias "repo1.maven.org-root"

信任该证书就可以了。 

Refert to https://jfrog.com/knowledge-base/how-to-resolve-unable-to-find-valid-certification-path-to-requested-target-error/