SSL问题-TFS的Jenkins从属连接问题 [英] SSL Issue - Jenkins slave connection issue with TFS

问题描述

1. 升级了詹金斯人.
2. 创建了一个奴隶.
3. 在从属计算机上安装了最新的JDK并启动了从属计算机.
4. 在用奴隶标记作业并运行它时，出现了错误....
5. 在Google上进行搜索，并且按照搜索将我的目标TFS的公共证书添加到C:\ Program Files(x86)\ Java \ jre1.8.0_131 \ lib \ security \ cacerts中的java密钥库中.
6. 它工作了2个工作，出于某种目的，我未标记该工作并在master上运行，再次将其标记回slave，然后运行它..问题又回来了.
7. 试图再次添加证书，但是其提示的证书已经在密钥库中. 7确实卸载并重新安装了slave并更改了JAVA版本..不走运.. 下面的其余日志5)

1. Upgraded the Jenkins.
2. Created a slave.
3. Installed latest JDK on Slave machine and launched the slave.
4. when tagged a job with slave and ran it, getting above error ..
5. did search on google and as per search added public cert of my target TFS to the java keystore which is in C:\Program Files (x86)\Java\jre1.8.0_131\lib\security\cacerts.
6. it worked for 2 jobs, for some purpose i un tagged the job and ran on master , again i tagged it back to slave and ran it.. again the issue came back.
7. tried to add the cert again, but its prompted cert is already in keystore .. 7 did uninstall and re install of slave and changes JAVA version .. no luck.. rest of the log below5)

远程构建
node1
在工作空间C:\ Builds \ Jenkins \ workspace \ Foot_Driver 从'D2017-06-23T15:26:13Z'开始查询位于'$/AEXX/'的远程变更集... 致命:com.microsoft.tfs.core.exceptions.TECoreException:sun.security.validator.ValidatorException:PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到到请求目标的有效证书路径

Building remotely on
node1
in workspace C:\Builds\Jenkins\workspace\Foot_Driver Querying for remote changeset at '$/AEXX/' as of 'D2017-06-23T15:26:13Z'... FATAL: com.microsoft.tfs.core.exceptions.TECoreException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targe

推荐答案

通过将链中的所有证书添加到cacert，问题得到解决.

By adding all the certs in the chain to the cacerts, issue got resolved.

1. 使用(使用google.com替换您的域)获取链中所有证书的列表.
   openssl s_client -host google.com -port 443 -prexit -showcerts
2. 将每个证书复制到单独的.pem文件中，例如-VS_cert1.pem，VS_cert2.pem
3. 将所有证书导入到Java cacerts中
   keytool-导入-别名VS1-文件"C:\ Users \ xxxx \ Desktop \ Temp \ VS_cert1.pem" -keystore"C:\ Program Files(x86)\ Java \ jre1.8.0_131 \ lib \ security \ cacerts"
   keytool-导入-别名VS2-文件"C:\ Users \ xxxx \ Desktop \ Temp \ VS_cert2.pem" -keystore"C:\ Program Files(x86)\ Java \ jre1.8.0_131 \ lib \ security \ cacerts"
4. 弹跳服务.

1. Get all the list of certs in the chain by using (replace your domain with google.com)
   openssl s_client -host google.com -port 443 -prexit -showcerts
2. copy each certs in a seprate .pem file eg - VS_cert1.pem, VS_cert2.pem
3. import all the certs to the java cacerts
   keytool -import -alias VS1 -file "C:\Users\xxxx\Desktop\Temp\VS_cert1.pem" -keystore "C:\Program Files (x86)\Java\jre1.8.0_131\lib\security\cacerts"
   keytool -import -alias VS2 -file "C:\Users\xxxx\Desktop\Temp\VS_cert2.pem" -keystore "C:\Program Files (x86)\Java\jre1.8.0_131\lib\security\cacerts"
4. Bounce the service.

这篇关于SSL问题-TFS的Jenkins从属连接问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！