相关文章推荐
沉着的热水瓶  ·  python 浅拷贝与深拷贝 - 小吉猫 ...·  1 月前    · 
刚毅的围巾  ·  flask jwt token ...·  1 年前    · 
爱玩的遥控器  ·  ChatGPT引领AIGC新浪潮!暨南大学等 ...·  1 年前    · 
挂过科的镜子  ·  python安装OpenCV - 简书·  1 年前    · 
Code  ›  sonarqube - Jenkins fails with "PKIX path building" error - Stack Overflow
jenkins sonarqube
https://stackoverflow.com/questions/52842214/jenkins-fails-with-pkix-path-building-error
大力的荒野
1 年前
Collectives™ on Stack Overflow

Find centralized, trusted content and collaborate around the technologies you use most.

Learn more about Collectives

Teams

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

Learn more about Teams

Why does Jenkins fail with "PKIX path building failed" for SonarQube and GitLab plugins?

I found this article: https://support.cloudbees.com/hc/en-us/articles/217078498-PKIX-path-building-failed-error-message

However it didn't seem to answer the question fully.

Two pieces of the stacktrace: 

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

When configuring Jenkins to work with GitLab and SonarQube, the JVM needs to know the server's keystore and the certificate authorities (truststore) for which the external sites are signed with to establish an SSL connection.


On a CentOS server, in /etc/sysconfig/jenkins, add the following to the JENKINS_JAVA_OPTIONS property:


JENKINS_JAVA_OPTIONS="-Djavax.net.ssl.trustStore=<path to trustStore in JKS format> -Djavax.net.ssl.trustStorePassword=<password> -Djavax.ssl.keyStore=<path to server keystore in JKS format> -Djavax.net.ssl.keyStorePassword=<password>"

The above is different from setting HTTPS in Jenkins, which can be setup using the following two properties:


JENKINS_HTTPS_KEYSTORE=<path to server keystore in JKS format>
JENKINS_HTTPS_KEYSTORE_PASSWORD=<password>
JENKINS_HTTPS_PORT=<port to listen on for https>

Note: I kept coming back to this CloudBees article (https://support.cloudbees.com/hc/en-us/articles/217078498-PKIX-path-building-failed-error-message)  it's got the keyStore and trustStore backwards, and doesn't say to set both of them.

        
Thanks for contributing an answer to Stack Overflow!
  • Please be sure to answer the question. Provide details and share your research!
But avoid
  • Asking for help, clarification, or responding to other answers.
  • Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
 
推荐文章
沉着的热水瓶  ·  python 浅拷贝与深拷贝 - 小吉猫 - 博客园
1 月前
刚毅的围巾  ·  flask jwt token expired-掘金
1 年前
爱玩的遥控器  ·  ChatGPT引领AIGC新浪潮!暨南大学等最新《人工智能生成内容AIGC》全面综述,详述AIGC的3个前沿功能和6个高级特征 - 专知VIP
1 年前
挂过科的镜子  ·  python安装OpenCV - 简书
1 年前
今天看啥   ·   Py中国   ·   codingpro   ·   藏经阁   ·   小百科   ·   link之家   ·   卧龙AI搜索
删除内容请联系邮箱 2879853325@qq.com
Code - 代码工具平台
© 2024 ~ 沪ICP备11025650号