Hello guys,
Unfortunately, I'm facing the same problem. I already tried importing the certificate into my /etc/pki/java/cacerts and also the -noCertificateCheck option. The same issue as mentioned by Maat Certain happens.
We are using Jenkins Enterprise, deployed along with the Jenkins HA Monitor.
Anyway to get this issue fixed?
> java -jar jenkins-cli.jar -s https://jenkins.XXX.com/ -noCertificateCheck --username wrodrigues --password-file passwd help
Skipping HTTPS certificate checks altogether. Note that this is not secure at all.
Exception in thread "main" java.io.IOException: Failed to connect to https://jenkins.schubergphilis.com/
at hudson.cli.CLI.getCliTcpPort(CLI.java:274)
at hudson.cli.CLI.<init>(CLI.java:134)
at hudson.cli.CLIConnectionFactory.connect(CLIConnectionFactory.java:72)
at hudson.cli.CLI._main(CLI.java:469)
at hudson.cli.CLI.main(CLI.java:384)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No X509TrustManager implementation available
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1764)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:958)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1230)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1214)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:133)
at hudson.cli.CLI.getCliTcpPort(CLI.java:272)
... 4 more
Caused by: java.security.cert.CertificateException: No X509TrustManager implementation available
at com.sun.net.ssl.internal.ssl.DummyX509TrustManager.checkServerTrusted(SSLContextImpl.java:232)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1198)
... 15 more
This bit me today as well, glad I'm not the only one with these issues. I think the better option would be for jenkins-cli to actually support self-signed certificates, since most installations will have that by default.
kohsuke is there any way I could beg for that option?