Hi, Jenkins has a feature to download JDK Installations from OTN (it can download Maven, Ant, Groovy and Grails installations, too). This is useful e.g. if you run Jenkins with a current jdk7 but want to compile your source with a jdk6 or jdk5 for backward compatibility reasons.
The problem is, that for these downloaded JDK installations modified cacerts or trustedcerts files in the Default JDK of your system do not apply. In my environment (Arch Linux) I manage ca-certificates with the standard tools provided by Arch, which also support Java Runtimes. What I did was to let Jenkins download the custom JDK and the manually make a symlink from the jre/lib/security/cacerts file of each individual JDK installatian in tools/hudson.model.JDK/ to /etc/ssl/certs/java/cacerts. As this is quite specific for Arch it would be nice to specify default parameters per JDK installation. Then I one could set -Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts and everything would be finde. - Daniel Am Dienstag, 24. Mai 2011 15:57:49 UTC+2 schrieb Tim Pizey: > > Hi, > > A co-worker and I have spent quite while over the last few days trying > to discover why a self signed ssl certificate was not being accepted. > > The exception being thrown in our tests indicated that a Sun HotSpot > java was being used. > > We are running Ubuntu and have removed OpenJDK and were relatively > sure that there was only one JDK on the machine. > > We discovered eventually that Jenkins had, silently and with no > indication in the configuration, > downloaded its own copy of the HotSpot JDK with its own cacerts file. > > I do not think that this is good default behaviour. > The default that I would expect is to use the same jdk as is used to > run Jenkins. > > If one has been downloaded then some indication, with a name and a > file system location would be good. > > Thanks, hope this helps > Tim > > -- > Tim Pizey - http://pizey.net/~timp > Centre for Genomics and Global Health - http://cggh.org > > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
