stackoom
  简体   繁体   中英

SSL Issue - Jenkins slave connection issue with TFS

 原文  2017-06-23 18:44:41       java/ security/ ssl/ jenkins/ tfs

Question

  1. Upgraded the Jenkins.
  2. Created a slave.
  3. Installed latest JDK on Slave machine and launched the slave.
  4. when tagged a job with slave and ran it, getting above error ..
  5. did search on google and as per search added public cert of my target TFS to the java keystore which is in C:\\Program Files (x86)\\Java\\jre1.8.0_131\\lib\\security\\cacerts.
  6. it worked for 2 jobs, for some purpose i un tagged the job and ran on master , again i tagged it back to slave and ran it.. again the issue came back.
  7. tried to add the cert again, but its prompted cert is already in keystore .. 7 did uninstall and re install of slave and changes JAVA version .. no luck.. rest of the log below5)

Building remotely on
node1
in workspace C:\\Builds\\Jenkins\\workspace\\Foot_Driver Querying for remote changeset at '$/AEXX/' as of 'D2017-06-23T15:26:13Z'... FATAL: com.microsoft.tfs.core.exceptions.TECoreException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targe

2 answers

solution1
 0  2017-06-26 10:14:22

According to the error info sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targe which clearly complains about certificate validation. This may due to when working on a client that works with an SSL enabled server running in https protocol.

Try to add -Djavax.net.ssl.trustStore location in jenkins-slave.xml and well as add jssecacerts to lib\\security of java used for your Jenkins's slave to run.

More info about the error please take a look this blog-- unable to find valid certification path to requested target

solution2
 0 ACCPTED  2017-07-06 20:17:09

By adding all the certs in the chain to the cacerts, issue got resolved.

  1. Get all the list of certs in the chain by using (replace your domain with google.com)
    openssl s_client -host google.com -port 443 -prexit -showcerts
  2. copy each certs in a seprate .pem file eg - VS_cert1.pem, VS_cert2.pem
  3. import all the certs to the java cacerts
    keytool -import -alias VS1 -file "C:\\Users\\xxxx\\Desktop\\Temp\\VS_cert1.pem" -keystore "C:\\Program Files (x86)\\Java\\jre1.8.0_131\\lib\\security\\cacerts"
    keytool -import -alias VS2 -file "C:\\Users\\xxxx\\Desktop\\Temp\\VS_cert2.pem" -keystore "C:\\Program Files (x86)\\Java\\jre1.8.0_131\\lib\\security\\cacerts"
  4. Bounce the service.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Issue connecting windows 7 slave to debian master on jenkins Issue with SVN connection in Jenkins Jenkins to slave machine connection got broken after updating the SSL certs? Jenkins Slave “Connection Refused” Java ssl performance issue in connection with downloads Jenkins headless linux slave connection error Checkout issue in tfs SSL Authentication Issue Issue with understanding keystore and ssl Java SSL Handshake Issue
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM