TFS plugin PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

RG Thu, 18 Aug 2016 12:24:11 -0700

Hi,


I have Jenkins 1.580.3 master instance running with Team Foundation Server 
Plug-in (version 3.1.1). (I know it is old) which connects to TFS 2015.

My build jobs are running on Jenkins Slave on Windows 2012 (whereas master 
in Linux), slave is using jre1.8.0_91 64bit.


When build starts and code is checked out from TFS I’m getting following 
exception (please notice all initial steps deletion/recreation/mapping of 
workspace and getting team project from TFS are working fine). 

Exception happens when TFS plugin is trying to retrieve history and 
initializes IdentityManagementService. And clearly complains about 
certificate validation. 

We are using internal certificate which is signed with our internal CA 
certificates. So I was sure CA are missing in trusted store. 


I have added -Djavax.net.ssl.trustStore location in jenkins-slave.xml and 
well as added jssecacerts to lib\security of java used for my Jenkins's 
slave to run. But still no success. 


I have installed skip-certificate-check hoping it will help, but still same 
result. 


I have tried SSLPoke to connect to TFS URL outside of Jenkins with java 
Jenkins is using and it works fine. 


Any idea what I could be missing?


 
Deleting project workspace... done

 

  

[workspace] $ TF.EXE workspaces -format:brief -server:xxxxx ******** 

  

[workspace] $ TF.EXE workspace -delete nnnnnn -noprompt -server:xxxxx 
******** 

[workspace] $ TF.EXE workspace -new nnnnnn -noprompt -server:xxxxxx ******** 

[workspace] $ TF.EXE workfold -map $/local\workspace -workspace:nnnnnn -
server:xxxxxx ******** 

[workspace] $ TF.EXE get . -recursive -version:D2016-08-10T23:35:46Z -noprompt 
******** 

HERE all files are retrieved from TFS 

  

FATAL: sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
valid certification path to requested target 

com.microsoft.tfs.core.exceptions.TECoreException: sun.security.validator.
ValidatorException: PKIX path building failed: sun.security.provider.
certpath.SunCertPathBuilderException: unable to find valid certification 
path to requested target 

            at com.microsoft.tfs.core.exceptions.mappers.
TECoreExceptionMapper.map(TECoreExceptionMapper.java:99) 

            at com.microsoft.tfs.core.exceptions.mappers.
RegistrationExceptionMapper.map(RegistrationExceptionMapper.java:23) 

            at com.microsoft.tfs.core.clients.registration.RegistrationData.
newFromServer(RegistrationData.java:70) 

            at com.microsoft.tfs.core.clients.registration.
RegistrationClient.getRegistrationData(RegistrationClient.java:645) 

            at com.microsoft.tfs.core.clients.registration.
RegistrationClient.getRegistrationEntry(RegistrationClient.java:188) 

            at com.microsoft.tfs.core.clients.registration.
RegistrationClient.getRegistrationEntry(RegistrationClient.java:167) 

            at com.microsoft.tfs.core.clients.webservices.
IdentityManagementService.<init>(IdentityManagementService.java:65) 

            at hudson.plugins.tfs.model.Project.getVCCHistory(Project.java:
84) 

            at hudson.plugins.tfs.model.Project.getDetailedHistory(Project.
java:128) 

            at hudson.plugins.tfs.actions.CheckoutAction.checkout(
CheckoutAction.java:56) 

            at hudson.plugins.tfs.TeamFoundationServerScm.checkout(
TeamFoundationServerScm.java:176) 

            at hudson.model.AbstractProject.checkout(AbstractProject.java:
1257) 

            at hudson.model.AbstractBuild$AbstractBuildExecution.
defaultCheckout(AbstractBuild.java:622) 

            at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.
java:86) 

            at hudson.model.AbstractBuild$AbstractBuildExecution.run(
AbstractBuild.java:528) 

            at hudson.model.Run.execute(Run.java:1745) 

            at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) 

            at hudson.model.ResourceController.execute(ResourceController.
java:89) 

            at hudson.model.Executor.run(Executor.java:240) 

Caused by: com.microsoft.tfs.core.ws.runtime.exceptions.TransportException: 
sun.security.validator.ValidatorException: PKIX path building failed: sun.
security.provider.certpath.SunCertPathBuilderException: unable to find 
valid certification path to requested target 

            at com.microsoft.tfs.core.ws.runtime.client.SOAPService.
executeSOAPRequestInternal(SOAPService.java:744) 

            at com.microsoft.tfs.core.ws.runtime.client.SOAPService.
executeSOAPRequest(SOAPService.java:473) 

            at ms.tfs.services.registration._03._RegistrationSoap12Service.
getRegistrationEntries(_RegistrationSoap12Service.java:105) 

            at com.microsoft.tfs.core.clients.registration.RegistrationData.
newFromServer(RegistrationData.java:65) 

            ... 16 more 

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.
ValidatorException: PKIX path building failed: sun.security.provider.
certpath.SunCertPathBuilderException: unable to find valid certification 
path to requested target 

            at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) 

            at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1916) 

            at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279) 

            at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273) 

            at sun.security.ssl.ClientHandshaker.serverCertificate(
ClientHandshaker.java:1472) 

            at sun.security.ssl.ClientHandshaker.processMessage(
ClientHandshaker.java:213) 

            at sun.security.ssl.Handshaker.processLoop(Handshaker.java:913) 

            at sun.security.ssl.Handshaker.process_record(Handshaker.java:
849) 

            at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:
1035) 

            at sun.security.ssl.SSLSocketImpl.performInitialHandshake(
SSLSocketImpl.java:1344) 

            at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java
:721) 

            at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:
122) 

            at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream
.java:82) 

            at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:
140) 

            at com.microsoft.tfs.core.httpclient.methods.
EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:597) 

            at com.microsoft.tfs.core.httpclient.HttpMethodBase.writeRequest
(HttpMethodBase.java:2518) 

            at com.microsoft.tfs.core.httpclient.HttpMethodBase.execute(
HttpMethodBase.java:1313) 

            at com.microsoft.tfs.core.httpclient.HttpMethodDirector.
executeWithRetry(HttpMethodDirector.java:508) 

            at com.microsoft.tfs.core.httpclient.HttpMethodDirector.
executeMethod(HttpMethodDirector.java:197) 

            at com.microsoft.tfs.core.httpclient.HttpClient.executeMethod(
HttpClient.java:464) 

            at com.microsoft.tfs.core.httpclient.HttpClient.executeMethod(
HttpClient.java:376) 

            at com.microsoft.tfs.core.ws.runtime.client.SOAPService.
executeSOAPRequestInternal(SOAPService.java:588) 

            ... 19 more 

Caused by: sun.security.validator.ValidatorException: PKIX path building 
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable 
to find valid certification path to requested target 

            at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.
java:385) 

            at sun.security.validator.PKIXValidator.engineValidate(
PKIXValidator.java:292) 

            at sun.security.validator.Validator.validate(Validator.java:260) 

            at sun.security.ssl.X509TrustManagerImpl.validate(
X509TrustManagerImpl.java:326) 

            at sun.security.ssl.X509TrustManagerImpl.checkTrusted(
X509TrustManagerImpl.java:231) 

            at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(
X509TrustManagerImpl.java:107) 

            at com.microsoft.tfs.core.config.httpclient.internal.
DefaultX509TrustManager.checkServerTrusted(DefaultX509TrustManager.java:181) 

            at sun.security.ssl.AbstractTrustManagerWrapper.
checkServerTrusted(SSLContextImpl.java:885) 

            at sun.security.ssl.ClientHandshaker.serverCertificate(
ClientHandshaker.java:1454) 

            ... 36 more 

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: 
unable to find valid certification path to requested target 

            at sun.security.provider.certpath.SunCertPathBuilder.engineBuild
(SunCertPathBuilder.java:196) 

            at java.security.cert.CertPathBuilder.build(CertPathBuilder.java
:268) 

            at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.
java:380) 

            ... 44 more



Best regards,

Rafal

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/f900f819-114d-41d3-b512-9f9b397b4b94%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

TFS plugin PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Reply via email to