  1. Jenkins
  2. JENKINS-22082

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

      Description

      Recently, JIRA Issue Updater has ceased to work due to the following error:

      Could not connect to Jira. The cause is one of the following:

      • cannot reach Jira via the configured SOAP URL: https://jira.ecolane.com/rpc/soap/jirasoapservice-v2. Make sure Jira is started, reachable from this machine, has SOAP enabled and the given SOAP url is correct.
      • the given Jira credentials are incorrect.
        You can find details on the exact problem in the Jenkins server logs.

      jenkins.log:

      {http://xml.apache.org/axis/}

      hostname:madmax1.ecolane.com

      javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
      at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
      at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
      at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
      at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
      at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
      at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
      at org.apache.axis.client.Call.invoke(Call.java:2767)
      at org.apache.axis.client.Call.invoke(Call.java:2443)
      at org.apache.axis.client.Call.invoke(Call.java:2366)
      at org.apache.axis.client.Call.invoke(Call.java:1812)
      at com.atlassian.jira.rpc.soap.client.JirasoapserviceV2SoapBindingStub.login(JirasoapserviceV2SoapBindingStub.java:3790)
      at info.bluefloyd.jenkins.SOAPSession.connect(SOAPSession.java:47)
      at info.bluefloyd.jenkins.SOAPClient.authenticateSoapSession(SOAPClient.java:46)
      at info.bluefloyd.jenkins.SOAPClient.connect(SOAPClient.java:40)
      at info.bluefloyd.jenkins.IssueUpdatesBuilder.perform(IssueUpdatesBuilder.java:154)
      at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
      at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:804)
      at hudson.model.Build$BuildExecution.build(Build.java:199)
      at hudson.model.Build$BuildExecution.doRun(Build.java:160)
      at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:585)
      at hudson.model.Run.execute(Run.java:1676)
      at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
      at hudson.model.ResourceController.execute(ResourceController.java:88)
      at hudson.model.Executor.run(Executor.java:231)
      Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
      at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886)
      at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
      at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
      at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
      at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
      at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
      at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
      at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
      at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
      at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
      at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
      at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
      at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
      at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
      at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
      ... 23 more
      Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
      at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
      at sun.security.validator.Validator.validate(Validator.java:260)
      at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
      at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
      at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
      at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
      ... 34 more
      Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
      at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
      at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
      ... 40 more

      curl works fine with the configured URL:
      curl https://jira.ecolane.com/rpc/soap/jirasoapservice-v2
      <h1>jirasoapservice-v2</h1>
      <p>Hi there, this is an AXIS service!</p>
      <i>Perhaps there will be a form for invoking the service here...</i>

          Activity
          sweetfa sweetfa added a comment -

          Could you try the following command please:

          openssl s_client -connect jira.ecolane.com:443

          and provide the results.

          matti Matti Linnanvuori added a comment -

          openssl s_client -connect jira.ecolane.com:443
          CONNECTED(00000003)
          depth=3 C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
          verify error:num=19:self signed certificate in certificate chain
          verify return:0

          Certificate chain
          0 s:/OU=Domain Control Validated/CN=*.ecolane.com
          i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
          1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
          i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
          2 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
          i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
          3 s:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
          i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority

          Server certificate
          subject=/OU=Domain Control Validated/CN=*.ecolane.com
          issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2

          No client certificate CA names sent

          SSL handshake has read 5623 bytes and written 518 bytes

          New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
          Server public key is 2048 bit
          Secure Renegotiation IS supported
          Compression: zlib compression
          Expansion: zlib compression
          SSL-Session:
          Protocol : TLSv1
          Cipher : DHE-RSA-AES256-SHA
          Session-ID: 3CC0FBC2A815C3CE153E6A13AEA5D6B739055A8717768BF625C55F0BBFD1FE1A
          Session-ID-ctx:
          Master-Key: 4A10CC475825E352D710665255F08C051260451507228468517A2328BD22FA5F0A307C6B636E95B3847A57F68C113147
          Key-Arg : None
          PSK identity: None
          PSK identity hint: None
          SRP username: None
          TLS session ticket:

          Compression: 1 (zlib compression)
          Start Time: 1395640848
          Timeout : 300 (sec)
          Verify return code: 19 (self signed certificate in certificate chain)

          closed

          sweetfa sweetfa added a comment -

          This problem is occurring because Jenkins does not know about the root certificate for your Jira server.

          You can see from your openssl command that Jira is returning what openssl considers to be a self-signed certificate. If you were to attempt to access this URL from your browser, you would be asked if you wished to accept this certificate.

          Because there is no interaction there is no way for the underlying Java SSL implementation to accept your Jira certificate and therefore you get the exception you have.

          You have two choices to correct this problem.
          1. Obtain an approved certificate for your Jira server signed by a recognised authority
          2. Add the jira server certificate to the keystore for your JRE implementation that Jenkins is using (under tomcat maybe)

          See the keytool command for adding to your keystore.
          The keystore is usually located in jre/lib/security/cacerts with a default password of changeit
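
An added example, not part of the original thread: a Python parser for the "Certificate chain" block of the `openssl s_client` output quoted above. It checks that the chain links up, locates the self-signed certificate that verify error 19 reports, and lists the CA names of which a trust store (openssl's or the JRE's `cacerts`) must hold at least one; the function names and the `trusted_subjects` parameter are assumptions made for this example.

```python
import re

# Constructed sample: the "Certificate chain" lines from the s_client output
# quoted in this thread (subject "s:" and issuer "i:" of each certificate sent).
SAMPLE = """\
Certificate chain
 0 s:/OU=Domain Control Validated/CN=*.ecolane.com
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
 1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
 2 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
   i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
 3 s:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
   i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
"""

SUBJECT = re.compile(r"^\s*(\d+)\s+s:(.+)$")
ISSUER = re.compile(r"^\s*i:(.+)$")


def parse_chain(text):
    """Return [(depth, subject, issuer), ...] from s_client chain output."""
    chain, pending = [], None
    for line in text.splitlines():
        s, i = SUBJECT.match(line), ISSUER.match(line)
        if s:
            pending = (int(s.group(1)), s.group(2).strip())
        elif i and pending:
            chain.append((*pending, i.group(1).strip()))
            pending = None
    return chain


def analyse(chain, trusted_subjects=()):
    """Compare the chain with CA subject names held in a trust store."""
    trusted = set(trusted_subjects)
    # Each certificate's issuer should be the subject of the next one sent.
    broken = [d for (d, _, iss), (_, nxt, _) in zip(chain, chain[1:])
              if iss != nxt]
    self_signed = [d for d, subj, iss in chain if subj == iss]
    # A verifier needs a trusted CA certificate for at least one of these names.
    candidates = list(dict.fromkeys(iss for _, _, iss in chain))
    # Name comparison only; a real validator also checks keys and signatures.
    matched = [c for c in candidates if c in trusted]
    return {"broken_links": broken, "self_signed_depths": self_signed,
            "candidate_anchors": candidates, "anchored": bool(matched)}


if __name__ == "__main__":
    report = analyse(parse_chain(SAMPLE))
    print("broken links at depth:", report["broken_links"])
    print("self-signed at depth:", report["self_signed_depths"])
    print("anchored by trust store:", report["anchored"])
    for name in report["candidate_anchors"]:
        print("  needs one of:", name)
```

Passing the subject names found in the trust store Jenkins actually uses as `trusted_subjects` shows whether any certificate in the served chain could anchor validation there.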

          sweetfa sweetfa added a comment -

          You can test that your certificate is OK by using openssl s_client with the -CAfile option and include the cacerts file that you have updated.

          matti Matti Linnanvuori added a comment -

          Adding the JIRA server certificate did not help; I got the same error as before.
          I added the Jenkins Skip Certificate Check plugin, which helped.

          laszlomiklosik Laszlo Miklosik added a comment -

          This is not a real bug; also, a 'workaround' is available in the last commit.

          Closing the issue.


            People

            Assignee:
            matti Matti Linnanvuori
            Reporter:
            matti Matti Linnanvuori