Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-21984

java.security.cert.CertificateExpiredException: NotAfter: Thu Feb 27 04:21:29 JST 2014

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved (View Workflow)
    • Major
    • Resolution: Fixed
    • core
    • None
    • Jenkins 1.543, Jenkins 1.554-SNAPSHOT

    Description

      After installing jenkis, I am getting the following exception. It seems that the server certificate has expired.

      Attempting to reconnect slave
      2 27, 2014 9:57:02 午後 致命的 hudson.model.DownloadService$Downloadable doPostBack
      Signature verification failed in downloadable 'hudson.tools.JDKInstaller'
      java.security.cert.CertPathValidatorException: timestamp check failed
      at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:139)
      at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:330)
      at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:178)
      at java.security.cert.CertPathValidator.validate(CertPathValidator.java:250)
      at org.jvnet.hudson.crypto.CertificateUtil.validatePath(CertificateUtil.java:93)
      at jenkins.util.JSONSignatureValidator.verifySignature(JSONSignatureValidator.java:92)
      at hudson.model.DownloadService$Downloadable.doPostBack(DownloadService.java:258)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298)
      at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161)
      at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96)
      at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:120)
      at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:728)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:858)
      at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:248)
      at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:728)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:858)
      at org.kohsuke.stapler.MetaClass$12.dispatch(MetaClass.java:390)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:728)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:858)
      at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:210)
      at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:728)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:858)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:631)
      at org.kohsuke.stapler.Stapler.service(Stapler.java:225)
      at javax.servlet.http.HttpServlet.service(Unknown Source)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Unknown Source)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(Unknown Source)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:96)
      at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:203)
      at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:181)
      at net.bull.javamelody.PluginMonitoringFilter.doFilter(PluginMonitoringFilter.java:86)
      at org.jvnet.hudson.plugins.monitoring.HudsonMonitoringFilter.doFilter(HudsonMonitoringFilter.java:90)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:99)
      at com.cloudbees.jenkins.support.SupportMetricsFilter.doFilter(SupportMetricsFilter.java:105)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:99)
      at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:88)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Unknown Source)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(Unknown Source)
      at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:48)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Unknown Source)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(Unknown Source)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
      at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:174)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:64)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Unknown Source)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(Unknown Source)
      at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:46)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Unknown Source)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(Unknown Source)
      at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Unknown Source)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(Unknown Source)
      at org.apache.catalina.core.StandardWrapperValve.invoke(Unknown Source)
      at org.apache.catalina.core.StandardContextValve.invoke(Unknown Source)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Unknown Source)
      at org.apache.catalina.core.StandardHostValve.invoke(Unknown Source)
      at org.apache.catalina.valves.ErrorReportValve.invoke(Unknown Source)
      at org.apache.catalina.core.StandardEngineValve.invoke(Unknown Source)
      at org.apache.catalina.connector.CoyoteAdapter.service(Unknown Source)
      at org.apache.coyote.ajp.AjpAprProcessor.process(Unknown Source)
      at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(Unknown Source)
      at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(Unknown Source)
      at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
      at java.lang.Thread.run(Thread.java:662)
      Caused by: java.security.cert.CertificateExpiredException: NotAfter: Thu Feb 27 04:21:29 JST 2014
      at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:256)
      at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:568)
      at sun.security.provider.certpath.BasicChecker.verifyTimestamp(BasicChecker.java:157)
      at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:109)
      at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:117)
      ... 88 more

      Attachments

        Issue Links

          Activity

            jglick Jesse Glick added a comment -

            Ah, of course: UpdateCenterTest checks only UC metadata, whereas it is tool installer metadata which appears to still have a bad signature. Would need a new test for that.

            jglick Jesse Glick added a comment - Ah, of course: UpdateCenterTest checks only UC metadata, whereas it is tool installer metadata which appears to still have a bad signature. Would need a new test for that.
            dogfood dogfood added a comment -

            Integrated in jenkins_main_trunk #3203
            JENKINS-21984 Checking stable UC as well. Cannot reproduce certificate problem in test. (Revision c87b7daf79f8613de7bfd3ee6745f66d5d1a14a3)
            JENKINS-21984 Disabling cert check on updateDirectlyWithJson since the certificate is now expired, and it is no good to have a test which is known to start failing at a particular time in the future! (Revision 334ce1be691c96ad63642c8301c4f0417a0705c3)

            Result = SUCCESS
            Jesse Glick : c87b7daf79f8613de7bfd3ee6745f66d5d1a14a3
            Files :

            • test/src/test/java/hudson/model/UpdateCenterTest.java

            Jesse Glick : 334ce1be691c96ad63642c8301c4f0417a0705c3
            Files :

            • test/src/test/java/hudson/model/UpdateSiteTest.java
            dogfood dogfood added a comment - Integrated in jenkins_main_trunk #3203 JENKINS-21984 Checking stable UC as well. Cannot reproduce certificate problem in test. (Revision c87b7daf79f8613de7bfd3ee6745f66d5d1a14a3) JENKINS-21984 Disabling cert check on updateDirectlyWithJson since the certificate is now expired, and it is no good to have a test which is known to start failing at a particular time in the future! (Revision 334ce1be691c96ad63642c8301c4f0417a0705c3) Result = SUCCESS Jesse Glick : c87b7daf79f8613de7bfd3ee6745f66d5d1a14a3 Files : test/src/test/java/hudson/model/UpdateCenterTest.java Jesse Glick : 334ce1be691c96ad63642c8301c4f0417a0705c3 Files : test/src/test/java/hudson/model/UpdateSiteTest.java

            Code changed in jenkins
            User: Jesse Glick
            Path:
            test/src/test/java/hudson/model/UpdateSiteTest.java
            http://jenkins-ci.org/commit/jenkins/1d29041372aeb77cab5a6aa4ce758ba5133c2f51
            Log:
            JENKINS-21984 Disabling cert check on updateDirectlyWithJson since the certificate is now expired, and it is no good to have a test which is known to start failing at a particular time in the future!
            (cherry picked from commit 334ce1be691c96ad63642c8301c4f0417a0705c3)

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: test/src/test/java/hudson/model/UpdateSiteTest.java http://jenkins-ci.org/commit/jenkins/1d29041372aeb77cab5a6aa4ce758ba5133c2f51 Log: JENKINS-21984 Disabling cert check on updateDirectlyWithJson since the certificate is now expired, and it is no good to have a test which is known to start failing at a particular time in the future! (cherry picked from commit 334ce1be691c96ad63642c8301c4f0417a0705c3)
            dogfood dogfood added a comment -

            Integrated in jenkins_main_trunk #3715
            JENKINS-21984 Disabling cert check on updateDirectlyWithJson since the certificate is now expired, and it is no good to have a test which is known to start failing at a particular time in the future! (Revision 1d29041372aeb77cab5a6aa4ce758ba5133c2f51)

            Result = SUCCESS
            Jesse Glick : 1d29041372aeb77cab5a6aa4ce758ba5133c2f51
            Files :

            • test/src/test/java/hudson/model/UpdateSiteTest.java
            dogfood dogfood added a comment - Integrated in jenkins_main_trunk #3715 JENKINS-21984 Disabling cert check on updateDirectlyWithJson since the certificate is now expired, and it is no good to have a test which is known to start failing at a particular time in the future! (Revision 1d29041372aeb77cab5a6aa4ce758ba5133c2f51) Result = SUCCESS Jesse Glick : 1d29041372aeb77cab5a6aa4ce758ba5133c2f51 Files : test/src/test/java/hudson/model/UpdateSiteTest.java
            jglick Jesse Glick added a comment -

            Missing signature blocks is an unrelated issue (related to JENKINS-15105), so reclosing.

            jglick Jesse Glick added a comment - Missing signature blocks is an unrelated issue (related to JENKINS-15105 ), so reclosing.

            People

              kohsuke Kohsuke Kawaguchi
              sogabe sogabe
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: