SSL问题-TFS的Jenkins从属连接问题 [英] SSL Issue - Jenkins slave connection issue with TFS
问题描述
- 升级了詹金斯人.
- 创建了一个奴隶.
- 在从属计算机上安装了最新的JDK并启动了从属计算机.
- 在用奴隶标记作业并运行它时,出现了错误....
- 在Google上进行搜索,并且按照搜索将我的目标TFS的公共证书添加到C:\ Program Files(x86)\ Java \ jre1.8.0_131 \ lib \ security \ cacerts中的java密钥库中.
- 它工作了2个工作,出于某种目的,我未标记该工作并在master上运行,再次将其标记回slave,然后运行它..问题又回来了.
- 试图再次添加证书,但是其提示的证书已经在密钥库中. 7确实卸载并重新安装了slave并更改了JAVA版本..不走运.. 下面的其余日志5)
- Upgraded the Jenkins.
- Created a slave.
- Installed latest JDK on Slave machine and launched the slave.
- when tagged a job with slave and ran it, getting above error ..
- did search on google and as per search added public cert of my target TFS to the java keystore which is in C:\Program Files (x86)\Java\jre1.8.0_131\lib\security\cacerts.
- it worked for 2 jobs, for some purpose i un tagged the job and ran on master , again i tagged it back to slave and ran it.. again the issue came back.
- tried to add the cert again, but its prompted cert is already in keystore .. 7 did uninstall and re install of slave and changes JAVA version .. no luck.. rest of the log below5)
远程构建
node1
在工作空间C:\ Builds \ Jenkins \ workspace \ Foot_Driver 从'D2017-06-23T15:26:13Z'开始查询位于'$/AEXX/'的远程变更集... 致命:com.microsoft.tfs.core.exceptions.TECoreException:sun.security.validator.ValidatorException:PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到到请求目标的有效证书路径
Building remotely on
node1
in workspace C:\Builds\Jenkins\workspace\Foot_Driver Querying for remote changeset at '$/AEXX/' as of 'D2017-06-23T15:26:13Z'... FATAL: com.microsoft.tfs.core.exceptions.TECoreException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targe
推荐答案
通过将链中的所有证书添加到cacert,问题得到解决.
By adding all the certs in the chain to the cacerts, issue got resolved.
- 使用(使用google.com替换您的域)获取链中所有证书的列表.
openssl s_client -host google.com -port 443 -prexit -showcerts - 将每个证书复制到单独的.pem文件中,例如-VS_cert1.pem,VS_cert2.pem
- 将所有证书导入到Java cacerts中
keytool-导入-别名VS1-文件"C:\ Users \ xxxx \ Desktop \ Temp \ VS_cert1.pem" -keystore"C:\ Program Files(x86)\ Java \ jre1.8.0_131 \ lib \ security \ cacerts"
keytool-导入-别名VS2-文件"C:\ Users \ xxxx \ Desktop \ Temp \ VS_cert2.pem" -keystore"C:\ Program Files(x86)\ Java \ jre1.8.0_131 \ lib \ security \ cacerts" - 弹跳服务.
- Get all the list of certs in the chain by using (replace your domain with google.com)
openssl s_client -host google.com -port 443 -prexit -showcerts - copy each certs in a seprate .pem file eg - VS_cert1.pem, VS_cert2.pem
- import all the certs to the java cacerts
keytool -import -alias VS1 -file "C:\Users\xxxx\Desktop\Temp\VS_cert1.pem" -keystore "C:\Program Files (x86)\Java\jre1.8.0_131\lib\security\cacerts"
keytool -import -alias VS2 -file "C:\Users\xxxx\Desktop\Temp\VS_cert2.pem" -keystore "C:\Program Files (x86)\Java\jre1.8.0_131\lib\security\cacerts" - Bounce the service.
这篇关于SSL问题-TFS的Jenkins从属连接问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!