Jenkins“无法找到到请求目标的有效认证路径"导入 Git 存储库时出错 [英] Jenkins "unable to find valid certification path to requested target" error while importing Git repository
问题描述
我正在尝试使用 Git repo 从 Jenkins 构建一个Jenkins Git 插件 在我的笔记本电脑上.Git 存储库驻留在具有自签名证书的公司可信服务器上.在指定 URL 时,我总是收到错误消息:
I'm trying to build a Git repo from Jenkins using the Jenkins Git Plugin on my laptop. The Git repo resides on company trusted server which has self-signed certificates. While specifying the URL I'm always getting an error:
Failed to connect to repository : sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
我了解此错误是由于自签名证书而导致的,但服务器属于我的公司并由授权机构签名.
I understand this error surfaces due to self-signed certificates but the server belongs to my company and is signed by authority.
我还尝试使用自签名从另一台笔记本电脑导入相同的存储库,但仍然出现相同的错误.
I also tried to import the same repo from another laptop using self-signed and keep getting the same error.
任何帮助将不胜感激
推荐答案
该错误是 Java 虚拟机报告的常见错误消息.这是因为 Java 环境没有关于 HTTPS 服务器的信息来验证它是一个有效的网站.有时,证书由内部根 CA 提供或者是自签名证书.这有时会使 JVM 感到困惑,因为它不是 Java受信任"列表中可以提供这些证书的人之一.
That error is a common error message reported by the Java Virtual Machine. This is caused when the Java environment does not have information about the HTTPS server to verify that it is a valid website. Sometimes the certificate is provided by an internal Root CA or is a Self-Signed Certificate. This sometimes can confuse the JVM as it is not one of the ones on the Java "trusted" list who can provide these certificates.
因为我们知道证书是有效的",所以我们可以将这个证书直接导入到 JVM 中.这样做时,我们告诉 JVM 这是一个受信任的"证书,并忽略"它的任何问题.
Because we know that the certififcate is "valid" we can import this certificate directly into the JVM. In doing so, we tell the JVM that this is is a "trusted" certificate and to "ignore" any issues with it.
您需要将证书添加到 Java 证书颁发机构文件中.对于 Debian/Ubuntu Linux 机器,通常位于此处:
You will need to add the certificate to your Java Certificate Authority file. For an Debian/Ubuntu Linux machine, that's usually located here:
$JAVA_HOME/jre/lib/security/cacerts
但是,您不想将其添加到 JRE cacert 密钥库中,因为它会被 JRE 覆盖/重写,因此最好为 Jenkins 复制此文件.
However, you don't want to add it to the JRE cacert keystore because it will be overwritten/rewritten by the JRE, so it's best to duplicate this file for Jenkins.
$JAVA_HOME- 这应该是您当前的 java home 所在的位置.如果您只安装了 Java 运行时环境 (JRE),则可以将$JAVA_HOME/jre替换为$JRE_HOME.
$JAVA_HOME- This should be the location of where your current java home is. If you only have the Java Runtime Environment (JRE) installed, then you can replace$JAVA_HOME/jrewith the$JRE_HOME.
$ALIAS - 这可以是任何值.将此证书与其他证书区分开来是很有价值的.示例是git-repo"或工件服务器".
$ALIAS - This can be any value. It is a value to distinguish this certificate from others. Example would be "git-repo", or "artifact server".
$JENKINS_HOME - 这是您的 Jenkins 家的路径.通常/var/lib/jenkins.
$JENKINS_HOME - This is the path to your Jenkins home. Often /var/lib/jenkins.
您可以使用以下命令将证书导入您的 JVM cacerts 文件.-- 在你的詹金斯大师中.获取证书,复制Jenkins的JVM keystore,将证书导入keystore,将可信keystore添加到Jenkins启动参数中,重启Jenkins.
You can import the certificate into your JVM cacerts file using the following commands. -- In your Jenkins master. Obtain the certificate, copy the JVM keystore for Jenkins, import the certificate into the keystore, add the trusted keystore to the Jenkins startup parameters and restart Jenkins.
# Import certificate
openssl s_client -showcerts -connect https://your-target-server
< /dev/null 2> /dev/null | openssl x509 -outform PEM > ~/root_ca.pem
# Duplicate Java Keystore file and move into Jenkins...
mkdir $JENKINS_HOME/keystore/
cp $JAVA_HOME/jre/lib/security/cacerts $JENKINS_HOME/keystore/
# Add Certificate to Keystore
keytool -import -alias $ALIAS -keystore $JENKINS_HOME/keystore/cacerts -file ~/root_ca.pem
# Add -Djavax.net.ssl.trustStore=$JENKINS_HOME/keystore/cacerts to the
# Jenkins startup parameters. For Debian/Ubuntu, this is /etc/default/jenkins
echo 'JAVA_ARGS="$JAVA_ARGS -Djavax.net.ssl.trustStore=$JENKINS_HOME/keystore/cacerts"'
>> /etc/default/jenkins
sudo service jenkins restart
参考帮助:
这篇关于Jenkins“无法找到到请求目标的有效认证路径"导入 Git 存储库时出错的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
