Jenkins Add Trusted CA

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Jenkins Add Trusted CA

Josh Harshman
I have a pipeline library that needs to communicate over https to Vault in order to read secrets.  Only problem is that Vault's SSL certificate is signed by a CA that is not trusted by Jenkins.  This results in the following error.

sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
Caused: sun.security.validator.ValidatorException: PKIX path building failed

Following the instructions here: https://support.cloudbees.com/hc/en-us/articles/203821254-How-to-install-a-new-SSL-certificate- I added the CA to the keystore then configured and restarted Jenkins.  When the pipeline tries to run, it now can't fetch it's dependencies.

org.codehaus.groovy.control.MultipleCompilationErrorsException: startup failed:
General error during conversion: Error grabbing Grapes -- [unresolved dependency: org.codehaus.groovy.modules.http-builder#http-builder;0.7: not found]

java.lang.RuntimeException: Error grabbing Grapes -- [unresolved dependency: org.codehaus.groovy.modules.http-builder#http-builder;0.7: not found]

Any help on this would be much appreciated.

Thanks in advance!
- Josh

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/e850dc92-7979-4d8e-ba29-12b7445c9670%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.