-
Bug
-
Resolution: Unresolved
-
Minor
-
Jenkins Version: 2.204.1-cb-2
Hashicorp Vault Plugin: 3.0.0
OS: 4.19.86-coreos, via https://hub.docker.com/r/jenkins/jnlp-slave/
Java Version on Agent: openjdk version "1.8.0_232"
I've verified that adding the internal certs necessary to the file $JAVA_HOME/jre/lib/security/cacerts, which is what was suggested on the Stackoverflow link, works with SSLPoke.
But the vault plugin doesn't seem to use this cert bundle. So I tried making one in the suggested directory on the 3.0.0 release page which is $JAVA_HOME/lib/jre/cacerts and verified the contents work with SSLPoke. But that also doesn't work for the plugin.
I'm willing to send more debugging information if it's needed.
It is not the agents that authenticates against Vault it is your Jenkins master.
So you should add the certificate to the Jenkins master certificate store.