
CertPathValidatorException when trying to use the update center

    • Bug
    • Resolution: Fixed
    • Blocker
    • core
    • None

      On a new install, when trying to use the update center I get this in the logs and no plugins are displayed in the update or install tabs. Changing the system date to 2012/04/17 allows me to see the plugins. Installation of plugins works fine even after setting the system date back to normal.

      18 avr. 2012 15:34:51 hudson.model.UpdateSite doPostBack
      GRAVE: <div class=error><img src='/static/6d2d4a0f/images/none.gif' height=16 width=1>Signature verification failed in the update center 'default' <a href='#' class='showDetails'>(show details)</a><pre style='display:none'>java.security.cert.CertPathValidatorException: timestamp check failed
      at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown Source)
      at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(Unknown Source)
      at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
      at java.security.cert.CertPathValidator.validate(Unknown Source)
      at org.jvnet.hudson.crypto.CertificateUtil.validatePath(CertificateUtil.java:93)
      at hudson.model.UpdateSite.verifySignature(UpdateSite.java:229)
      at hudson.model.UpdateSite.doPostBack(UpdateSite.java:164)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
      at java.lang.reflect.Method.invoke(Unknown Source)
      at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:288)
      at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:151)
      at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:90)
      at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:111)
      at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:574)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:659)
      at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:241)
      at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:574)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:659)
      at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:203)
      at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:574)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:659)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:488)
      at org.kohsuke.stapler.Stapler.service(Stapler.java:162)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
      at winstone.ServletConfiguration.execute(ServletConfiguration.java:248)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:376)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95)
      at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
      at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
      at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:215)
      at winstone.RequestHandlerThread.run(RequestHandlerThread.java:138)
      at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
      at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
      at java.util.concurrent.FutureTask.run(Unknown Source)
      at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
      at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
      at java.lang.Thread.run(Unknown Source)
      Caused by: java.security.cert.CertificateExpiredException: NotAfter: Wed Apr 18 09:35:04 CEST 2012
      at sun.security.x509.CertificateValidity.valid(Unknown Source)
      at sun.security.x509.X509CertImpl.checkValidity(Unknown Source)
      at sun.security.provider.certpath.BasicChecker.verifyTimestamp(Unknown Source)
      at sun.security.provider.certpath.BasicChecker.check(Unknown Source)
      ... 57 more
      </pre></div>

      trying
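
      The failure in the log above, as an added triage example that is not part of the original report or of Jenkins itself: it pulls the update site id and the expired certificate's NotAfter out of such a log entry and reports how long the signing certificate had been expired when the failure was logged. The function names, the zone offset table and the `SEEN_AT` value (the log entry's time, assumed to be CEST) are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumption: offsets for the zone abbreviations Java's Date.toString() may print.
TZ_HOURS = {"UTC": 0, "GMT": 0, "CET": 1, "CEST": 2, "EST": -5, "EDT": -4}
SITE_RE = re.compile(r"Signature verification failed in the update center '([^']+)'")
CAUSE_RE = re.compile(r"Caused by: ([\w.$]+)(?:: NotAfter: (.+))?")

def parse_java_date(text):
    """Turn 'Wed Apr 18 09:35:04 CEST 2012' into an aware UTC datetime."""
    _dow, mon, day, clock, zone, year = text.split()
    naive = datetime.strptime(f"{mon} {day} {clock} {year}", "%b %d %H:%M:%S %Y")
    local = naive.replace(tzinfo=timezone(timedelta(hours=TZ_HOURS[zone])))
    return local.astimezone(timezone.utc)

def triage(log_text, seen_at):
    """Classify an update-center signature failure logged at seen_at (aware datetime)."""
    site = SITE_RE.search(log_text)
    if site is None:
        return None  # not a signature-verification failure
    finding = {"site": site.group(1), "cause": None, "not_after": None,
               "expired_for": None, "verdict": "signature failure, root cause not logged"}
    cause = CAUSE_RE.search(log_text)
    if cause is None:
        return finding
    finding["cause"] = cause.group(1)
    if cause.group(2) is None:
        finding["verdict"] = "signature failure, not an expiry"
        return finding
    finding["not_after"] = parse_java_date(cause.group(2).strip())
    if seen_at >= finding["not_after"]:
        finding["expired_for"] = seen_at - finding["not_after"]
        finding["verdict"] = "signing certificate expired"
    else:
        finding["verdict"] = "NotAfter is later than seen_at: check the host clock"
    return finding

# Sample input: abridged from the log in this report.
SAMPLE_LOG = """\
GRAVE: Signature verification failed in the update center 'default'
java.security.cert.CertPathValidatorException: timestamp check failed
    at hudson.model.UpdateSite.verifySignature(UpdateSite.java:229)
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Wed Apr 18 09:35:04 CEST 2012
    at sun.security.x509.X509CertImpl.checkValidity(Unknown Source)
"""
# Assumption: the entry's "18 avr. 2012 15:34:51" timestamp is CEST (UTC+2).
SEEN_AT = datetime(2012, 4, 18, 15, 34, 51, tzinfo=timezone(timedelta(hours=2)))

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, SEEN_AT))
```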

          [JENKINS-13499] CertPathValidatorException when trying to use the update center

          Kohsuke Kawaguchi added a comment -

          New update center metadata being generated with the renewed certificate: http://ci.jenkins-ci.org/job/infra_update_center/4629/console

          Kohsuke Kawaguchi added a comment -

          The new update center metadata is generated. It will take some time for it to propagate through mirrors, so I'll leave this ticket open for a while more.

          Kohsuke Kawaguchi added a comment -

          Mirrors are hopefully updated by now. Closing.

          Jean Helou added a comment -

          Works for me, thanks!


          John Law added a comment -

          For the URL: http://ci.jenkins-ci.org/job/infra_update_center/4629/console

          I received

          Status Code: 404
          Exception:
          Stacktrace:

          (none)

          Generated by Winstone Servlet Engine v0.9.10 at Sun Apr 22 22:17:02 EDT 2012

          So, actually, I am running on an old installation and my machine was shut down this weekend due to SAN disk migration. This morning (Apr 23 9am HK Time), I started up Tomcat 7.0.23 with Jenkins v1.443.
          I still have this problem.

          So, what should I do if the mentioned URL (Kohsuke Kawaguchi) is up again? Thanks!

          Best regards,
          John Law


          John Law added a comment -

          Would you please help to post again the certificate here?
          I still cannot find the updated "jenkins-update-center-root-ca"
          Correct me if I am wrong. Thanks!


          Richard Mortimer added a comment -

          @John Law. Regarding the Status Code: 404 URL that you mentioned above.

          That URL is a reference to the Jenkins build instance that was building the update center contents with a fixed certificate path.

          ci.jenkins-ci.org has since garbage collected that build instance and hence the console log is no longer available.

          If you really want to convince yourself that the update center contents build is currently working, then the following URL always refers to the latest build.

          http://ci.jenkins-ci.org/job/infra_update_center/lastBuild/console

          Richard Mortimer added a comment -

          @John Law. You do not need access to the certificate. This is private to the Jenkins project administrators and is used to sign the official update center contents.

          If you are still having problems with your own Jenkins instance reporting certificate issues then you need to force a reload of the information on the update site.

          You can do this from your Jenkins instance plugin manager "Advanced" screen. You can find this at

          http://jenkins.example.org/pluginManager/advanced

          (replace jenkins.example.org with the base URL of your own Jenkins instance)

          On that page make sure that the Update Site URL is set to

          http://updates.jenkins-ci.org/update-center.json

          Once that is correct then click "Check Now" at the bottom right to force a reload of the update center contents.

          John Law added a comment -

          Would you please provide the solution again for me? Basically, I cannot get the updated certificates.


          John Law added a comment -

          Thanks, Richard!
          It works and my issue is solved.
          Thank you very much!


            Unassigned Unassigned
            jeantil Jean Helou