Jenkins SSLHandshakeException while publishing to Confluence - java

We recently changed all the certificates and Jenkins seems to have been affected by that. It is unable to publish to Confluence and it gives the following error:
ERROR: Publisher com.myyearbook.hudson.plugins.confluence.ConfluencePublisher aborted due to exception
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
We use self-signed certificates for our internal services. I added the new certificate into the trust store of the server running Jenkins using the keytool command. The problem persists.
I am unable to track the source of the problem now.
Any help would be highly appreciated.
Thanks,
SanZig

I finally figured it out. It was a problem with the location of the trusted keystore.
It's better to always add the certificates into /var/lib/jenkins/.keystore rather than adding them to PATH_TO_JAVA_HOME/jre/lib/security/cacerts. If you still want to add the certificate into cacerts, then an ARG should be added in the application's config file:
JAVA_ARGS="-Djavax.net.ssl.trustStore=/usr/lib/jvm/java-7-oracle/jre/lib/security/cacerts"
Sometimes you may need to add the certificate in ~/.keystore
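One way to check which trust store the Jenkins (or Tomcat) JVM will actually read, as an added example that is not part of the original answer: the function `effective_truststore` (a hypothetical name) applies the JSSE lookup order, which is the `javax.net.ssl.trustStore` property first, then `lib/security/jssecacerts`, then `lib/security/cacerts` under the JVM's home. The temporary directory in the demo is constructed sample input.

```shell
# Added example: resolve the trust store a JVM will consult (JSSE lookup order).
# effective_truststore JAVA_HOME [JVM_ARG...]  -> prints "<source>:<path>"
effective_truststore() {
    jh=$1; shift
    override=
    for arg in "$@"; do
        case $arg in
            # The '=' directly after trustStore excludes trustStorePassword/Type.
            -Djavax.net.ssl.trustStore=*) override=${arg#*=} ;;  # last one wins
        esac
    done
    if [ -n "$override" ]; then
        printf 'property:%s\n' "$override"
        return 0
    fi
    # JDK 8 and older keep the runtime under $JAVA_HOME/jre; newer JDKs do not.
    if [ -d "$jh/jre/lib/security" ]; then jh=$jh/jre; fi
    for name in jssecacerts cacerts; do
        if [ -f "$jh/lib/security/$name" ]; then
            printf 'default:%s\n' "$jh/lib/security/$name"
            return 0
        fi
    done
    printf 'none:\n'
    return 1
}

# Constructed demo: a throwaway JAVA_HOME with the pre-Java-9 directory layout.
demo=$(mktemp -d)
mkdir -p "$demo/jre/lib/security"
: > "$demo/jre/lib/security/cacerts"
# No override: the JVM falls back to its bundled cacerts.
effective_truststore "$demo" -Xmx256m
# With the JAVA_ARGS value quoted in the answer, the property decides.
effective_truststore "$demo" \
    -Djavax.net.ssl.trustStore=/usr/lib/jvm/java-7-oracle/jre/lib/security/cacerts
rm -rf "$demo"
```

On a live host, pass the words of the service's JVM command line (for example from `ps -o args= -p <pid>`), then run `keytool -list -keystore <path>` against the printed path to confirm the certificate was imported into that store and not another one.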

Related

Can’t find certificate in Tomcat but can find it outside of it

I have a web application that runs on a Tomcat and makes a web service call using Axis for some tasks. As part of the configuration, a JKS file is provided for the trustStore parameter. After an upgrade to Axis, the application can no longer find the certificate and refuses to connect. Here is the error that is thrown:
Caused by: org.apache.axis2.AxisFault: javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430) ~[axis2-kernel-1.7.9.jar:1.7.9]
at org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:78) ~[axis2-kernel-1.7.9.jar:1.7.9]
at org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:85) ~[axis2-transport-http-1.7.9.jar:1.7.9]
However, running the same code in a standalone Java app with the same dependencies has no issues. I am not able to understand what stops it from working within a Tomcat and would appreciate any help/pointers in the right direction.
The following code sets the properties:
System.setProperty("javax.net.ssl.keyStore", …);
System.setProperty("javax.net.ssl.keyStorePassword", …);
System.setProperty("javax.net.ssl.trustStore", …);
System.setProperty("javax.net.ssl.trustStorePassword", …);

Tomcat and cacerts

I have a third party certificate installed in my %JAVA_HOME%/jre/lib/security/cacerts file. I have written a local test program to test that this is imported well and I receive the reply as expected.
When running the program from tomcat I receive an error
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Any recommendations?

SSL Certificate unable to find, even though it's in the keystore

I'm trying to add a self-signed certificate to my java keystore. When I list all the certificates, it's also there, so it must have been saved. However, when I try to make a request in my class, I still get the exception:
Caused by: sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
I have tried to replace the certificate but it doesn't change anything.

How do you get Maven to accept invalid SSL certificates?

My company keeps the Maven dependencies on a server that has an invalid SSL certificate. We must use https to connect. When I try to run Maven, it cannot download the resources.
I know the name of the site I am trying to go to. I'd be happy to either add a security exception for the site, or just shut off all the validation of ssl certificates so that all https sites will be considered valid.
I am using Maven 3.0.4.
Here are some highlights of the stack trace when I try to build:
Caused by: org.sonatype.aether.transfer.ArtifactTransferException: Could not transfer artifact
org.apache.maven:maven-plugin-api:pom:2.0.6 from/to NexusExternal (https://mydumbcompanysbrokensite:8443/nexus/content/groups/public):
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification
path to requested target
...
Caused by: org.apache.maven.wagon.TransferFailedException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification
path to requested target
You can simply disable Maven SSL validation by adding these options to the command line:
-Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true

Spring LDAP TLS / SSL Exception: PKIX path building failed: unable to find valid certification path to requested target

Connecting to the LDAP server over TLS fails with the exception
org.springframework.ldap.UncategorizedLdapException: Failed to negotiate TLS session; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.springframework.ldap.core.support.AbstractTlsDirContextAuthenticationStrategy.processContextAfterCreation(AbstractTlsDirContextAuthenticationStrategy.java:155)
at org.springframework.ldap.core.support.AbstractContextSource.getContext(AbstractContextSource.java:109)
at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:125)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:287)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:259)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:571)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:556)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:411)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:431)
I have checked the appropriate certificates are present in my key store and imported missing ones as described in "PKIX path building failed while making SSL connection"; however, I am still getting the exception. Any ideas?
Thanks,
Nigel
The problem is with the certificates produced by LDAP servers; this has been verified and the issue is now resolved.
