Trusting a new CA

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Trusting a new CA

Josh Harshman
I have a pipeline library that needs to talk to my Vault server over https.  Problem is that Jenkins doesn't trust the CA the vault server certificate was signed with so I get errors like the following.

```
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
  at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) 
  at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
  at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
  at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
Caused: sun.security.validator.ValidatorException: PKIX path building failed
... snip ...  
Caused: javax.net.ssl.SSLHandshakeException
```

Following the instructions outlined here: https://support.cloudbees.com/hc/en-us/articles/203821254-How-to-install-a-new-SSL-certificate- 
I add the CA to to the keystore and instruct Jenkins to use it. However, now when I run the pipeline, the library can't fetch it's dependancies

```
org.codehaus.groovy.control.MultipleCompilationErrorsException: startup failed:
General error during conversion: Error grabbing Grapes -- [unresolved dependency: org.codehaus.groovy.modules.http-builder#http-builder;0.7: not found]

java.lang.RuntimeException: Error grabbing Grapes -- [unresolved dependency: org.codehaus.groovy.modules.http-builder#http-builder;0.7: not found
  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
```

Any help debugging this would be greatly appreciated!

Thanks in advance!
- Josh

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/63ef5aec-0715-47fa-bff4-061dc5dde44d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.