Jenkins “unable to find valid certification path to requested target” error while importing Git repository

This is a common error reported by the Java Virtual Machine (JVM). It occurs when the Java environment cannot build a chain from the HTTPS server's certificate to a certificate authority it already trusts, so it cannot verify that the server is a valid website. This typically happens when the certificate was issued by an internal root CA or is self-signed: the issuer is not on Java's list of “trusted” certificate authorities.

Because we know that the certificate is “valid”, we can import it directly into the JVM's trust store. In doing so, we tell the JVM that this is a “trusted” certificate, so it stops rejecting it as coming from an unknown issuer.

You will need to add the certificate to your Java Certificate Authority file (the cacerts keystore). For a Debian/Ubuntu Linux machine, that’s usually located here:

$JAVA_HOME/jre/lib/security/cacerts

However, you don’t want to add it to the JRE cacerts keystore, because that file will be overwritten/rewritten by the JRE, so it’s best to duplicate this file for Jenkins. The commands below use these values:

  • $JAVA_HOME – This should be the location of your current Java home. If you only have the Java Runtime Environment (JRE) installed, then you can replace $JAVA_HOME/jre with $JRE_HOME.

  • $ALIAS – This can be any value. It distinguishes this certificate from the others in the keystore. An example would be “git-repo” or “artifact server”.

  • $JENKINS_HOME – This is the path to your Jenkins home. Often /var/lib/jenkins.

You can import the certificate into the JVM cacerts file using the following commands on your Jenkins master: obtain the certificate, copy the JVM keystore for Jenkins, import the certificate into the keystore, add the trusted keystore to the Jenkins startup parameters, and restart Jenkins.

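# Obtain the certificate presented by the server.
# s_client expects host:port rather than a URL; 443 is the default HTTPS port.
# openssl x509 keeps only the first certificate in the output (the server's own).
openssl s_client -showcerts -connect your-target-server:443 \
  < /dev/null 2> /dev/null | openssl x509 -outform PEM > ~/root_ca.pem

# Duplicate the Java keystore file and move the copy into Jenkins
mkdir -p "$JENKINS_HOME/keystore/"
cp "$JAVA_HOME/jre/lib/security/cacerts" "$JENKINS_HOME/keystore/"

# Add the certificate to the copied keystore (keytool prompts for the keystore password)
keytool -import -alias "$ALIAS" -keystore "$JENKINS_HOME/keystore/cacerts" -file ~/root_ca.pem

# Add -Djavax.net.ssl.trustStore=$JENKINS_HOME/keystore/cacerts to the
# Jenkins startup parameters. For Debian/Ubuntu, this is /etc/default/jenkins.
# The single quotes keep the variables literal so they expand when that file is read.
# sudo tee is used because the redirection must run as root to append to the file.
echo 'JAVA_ARGS="$JAVA_ARGS -Djavax.net.ssl.trustStore=$JENKINS_HOME/keystore/cacerts"' \
  | sudo tee -a /etc/default/jenkins > /dev/null

sudo service jenkins restart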
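The `openssl s_client` step above saves whatever certificate the network returns without authenticating it, so the import is only as trustworthy as that one connection. The following added example (not part of the original post; the function names `cert_sha256`, `verify_pin` and `import_if_pinned` are hypothetical) imports the saved PEM only if its SHA-256 fingerprint matches a value obtained out-of-band, for example from the server's administrator.

```shell
#!/bin/sh
# Added example: pin the fetched certificate's fingerprint before trusting it.

# Print the SHA-256 fingerprint of the first certificate in a PEM file
# as lowercase hex without colons (empty output if the file is not a certificate).
cert_sha256() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# Normalise a pin so "AB:CD:..." and "abcd..." compare equal.
normalise_pin() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Return 0 only if the file parses as a certificate and its fingerprint
# equals the expected 64-hex-digit SHA-256 value.
verify_pin() {
    vp_expected=$(normalise_pin "$2")
    vp_actual=$(cert_sha256 "$1")
    [ -n "$vp_actual" ] && [ "${#vp_expected}" -eq 64 ] &&
        [ "$vp_actual" = "$vp_expected" ]
}

# Import into the Jenkins copy of cacerts only after the pin check passes.
# keytool still prompts for the keystore password; -noprompt only skips
# the "Trust this certificate?" question, which the pin check replaces.
import_if_pinned() {
    if ! verify_pin "$1" "$2"; then
        echo "fingerprint mismatch for $1, not importing" >&2
        return 1
    fi
    keytool -importcert -noprompt -alias "$3" -keystore "$4" -file "$1"
}

# Usage (the pin value is a placeholder to be supplied out-of-band):
#   import_if_pinned ~/root_ca.pem "<EXPECTED_SHA256_FINGERPRINT>" \
#       "$ALIAS" "$JENKINS_HOME/keystore/cacerts"
```

Afterwards, `keytool -list -alias "$ALIAS" -keystore "$JENKINS_HOME/keystore/cacerts"` shows the stored entry's fingerprint for a final comparison.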
