PKIX path building failed error message #3

Open
toddllm opened this issue Jul 30, 2018 · 4 comments

Comments

toddllm commented Jul 30, 2018

I'm running into:

https://support.cloudbees.com/hc/en-us/articles/217078498-PKIX-path-building-failed-error-message

What is the best way to handle adding the cert or skipping the check?

Thanks,
Todd

Author

toddllm commented Jul 31, 2018

I got it to work. Here's what I did. Likely with a bit of cleanup work, it could be merged. Until then, here are the manual steps.

Changes to slave-launch.ps1

(JAVA_HOME needs to be set in the PowerShell environment or should be passed in somehow.)
Should add a way to pass $javaOpts (or set it in the environment).
For now I just replaced $javaOpts in the java line below that runs the slave.

add:
keytool -noprompt -storepasswd -storepass 'changeit' -import -alias <alias_name> -keystore "$JAVA_HOME/jre/lib/security/cacerts" -file "fullpath/to/cert.crt"

before:
# run slave
. java "-Djavax.net.ssl.keyStore=$JAVA_HOME/jre/lib/security/cacerts" "-Djavax.net.ssl.keyStorePassword=changeit" $jnlpProtocolOpts -cp ./slave.jar hudson.remoting.jnlp.Main @params

Changes to Dockerfile:

cert.crt needs to be in the same directory

# Copy cert into container
RUN mkdir "$env:JENKINS_HOME"
COPY "cert.crt" "$JENKINS_HOME"

Owner

JonCubed commented Aug 1, 2018

Thanks @deshantm, happy to include a PR. Otherwise I'll include it in the next update I do.

Author

toddllm commented Aug 2, 2018

Thinking about it some more, it seems the Dockerfile is the right place to also run the keytool line, since it only needs to run once.

Untested, but I'm thinking something like this:

FROM jonathank/jenkins-jnlp-slave-windows

ENV CERT_HOME="$env:CERT_HOME"

# Copy cert into container
RUN mkdir "$CERT_HOME"
COPY "certname.crt" "$CERT_HOME"

# Import cert into keystore
CMD keytool -noprompt -storepasswd -storepass 'changeit' -import -alias <alias_name> -keystore "$JAVA_HOME/jre/lib/security/cacerts" -file "$CERT_HOME/cert.crt"
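
An added example, not part of the thread or the project's code: a PowerShell step that makes the import described above repeatable by checking the certificate's SHA-256 fingerprint before trusting it and skipping the import when the alias already exists. The certificate path, the alias and the fingerprint placeholder are assumptions, and the script points the JVM at the store with the `javax.net.ssl.trustStore` properties rather than the `keyStore` ones used in the thread.

```powershell
# Added example; $CertPath, $Alias and $ExpectedSha256 are assumed names/values.
param(
    [string]$CertPath       = "C:\certs\cert.crt",              # assumed path
    [string]$Alias          = "jenkins-master-ca",              # hypothetical alias
    [string]$ExpectedSha256 = "<EXPECTED_SHA256_FINGERPRINT>",  # placeholder, obtained out of band
    [string]$StorePass      = "changeit"                        # cacerts default, as in the thread
)
$ErrorActionPreference = "Stop"

if (-not $env:JAVA_HOME) { throw "JAVA_HOME is not set" }
$keytool = Join-Path $env:JAVA_HOME "bin\keytool.exe"
# Java 8 layout (jre\lib\security), as in the thread; Java 9+ uses lib\security.
$cacerts = Join-Path $env:JAVA_HOME "jre\lib\security\cacerts"
if (-not (Test-Path $cacerts)) { $cacerts = Join-Path $env:JAVA_HOME "lib\security\cacerts" }

# 1. Refuse to trust a certificate whose fingerprint differs from the pinned value.
$cert     = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath
$sha256   = [System.Security.Cryptography.SHA256]::Create()
$actual   = [BitConverter]::ToString($sha256.ComputeHash($cert.RawData)) -replace "-", ""
$expected = ($ExpectedSha256 -replace "[:\s]", "").ToUpperInvariant()
if ($actual -ne $expected) { throw "Fingerprint mismatch for ${CertPath}: got $actual" }

# 2. Import only when the alias is absent, so repeated runs do not fail.
& $keytool -list -keystore $cacerts -storepass $StorePass -alias $Alias | Out-Null
if ($LASTEXITCODE -ne 0) {
    & $keytool -importcert -noprompt -trustcacerts -alias $Alias -file $CertPath `
        -keystore $cacerts -storepass $StorePass
    if ($LASTEXITCODE -ne 0) { throw "keytool -importcert failed with exit code $LASTEXITCODE" }
}

# 3. Trust anchors are read from javax.net.ssl.trustStore (default: this cacerts file);
#    javax.net.ssl.keyStore holds the client's own key material instead.
$javaOpts = @("-Djavax.net.ssl.trustStore=$cacerts",
              "-Djavax.net.ssl.trustStorePassword=$StorePass")
Write-Output "Alias '$Alias' is present in $cacerts. Optional JVM options: $javaOpts"
```

Because the default `cacerts` file is already the JVM's default trust store, the options printed in step 3 are only needed when a different store file is used.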

@JonCubed
Owner

@deshantm I'm going to push out an update this week. I just want to confirm that the only change I need to make is adding "-Djavax.net.ssl.keyStore=$JAVA_HOME/jre/lib/security/cacerts" "-Djavax.net.ssl.keyStorePassword=changeit" to the launch script. The rest I can add to the README?
