Hi,
I have Jenkins 1.580.3 master instance running with Team Foundation Server
Plug-in (version 3.1.1). (I know it is old) which connects to TFS 2015.
My build jobs are running on Jenkins Slave on Windows 2012 (whereas master
in Linux), slave is using jre1.8.0_91 64bit.
When build starts and code is checked out from TFS I’m getting following
exception (please notice all initial steps deletion/recreation/mapping of
workspace and getting team project from TFS are working fine).
Exception happens when TFS plugin is trying to retrieve history and
initializes IdentityManagementService. And clearly complains about
certificate validation.
We are using internal certificate which is signed with our internal CA
certificates. So I was sure CA are missing in trusted store.
I have added -Djavax.net.ssl.trustStore location in jenkins-slave.xml and
well as added jssecacerts to lib\security of java used for my Jenkins's
slave to run. But still no success.
I have installed skip-certificate-check hoping it will help, but still same
result.
I have tried SSLPoke to connect to TFS URL outside of Jenkins with java
Jenkins is using and it works fine.
Any idea what I could be missing?
Deleting project workspace... done
[workspace] $ TF.EXE workspaces -format:brief -server:xxxxx ********
[workspace] $ TF.EXE workspace -delete nnnnnn -noprompt -server:xxxxx
********
[workspace] $ TF.EXE workspace -new nnnnnn -noprompt -server:xxxxxx ********
[workspace] $ TF.EXE workfold -map $/local\workspace -workspace:nnnnnn -
server:xxxxxx ********
[workspace] $ TF.EXE get . -recursive -version:D2016-08-10T23:35:46Z -noprompt
********
HERE all files are retrieved from TFS
FATAL: sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
com.microsoft.tfs.core.exceptions.TECoreException: sun.security.validator.
ValidatorException: PKIX path building failed: sun.security.provider.
certpath.SunCertPathBuilderException: unable to find valid certification
path to requested target
at com.microsoft.tfs.core.exceptions.mappers.
TECoreExceptionMapper.map(TECoreExceptionMapper.java:99)
at com.microsoft.tfs.core.exceptions.mappers.
RegistrationExceptionMapper.map(RegistrationExceptionMapper.java:23)
at com.microsoft.tfs.core.clients.registration.RegistrationData.
newFromServer(RegistrationData.java:70)
at com.microsoft.tfs.core.clients.registration.
RegistrationClient.getRegistrationData(RegistrationClient.java:645)
at com.microsoft.tfs.core.clients.registration.
RegistrationClient.getRegistrationEntry(RegistrationClient.java:188)
at com.microsoft.tfs.core.clients.registration.
RegistrationClient.getRegistrationEntry(RegistrationClient.java:167)
at com.microsoft.tfs.core.clients.webservices.
IdentityManagementService.<init>(IdentityManagementService.java:65)
at hudson.plugins.tfs.model.Project.getVCCHistory(Project.java:
84)
at hudson.plugins.tfs.model.Project.getDetailedHistory(Project.
java:128)
at hudson.plugins.tfs.actions.CheckoutAction.checkout(
CheckoutAction.java:56)
at hudson.plugins.tfs.TeamFoundationServerScm.checkout(
TeamFoundationServerScm.java:176)
at hudson.model.AbstractProject.checkout(AbstractProject.java:
1257)
at hudson.model.AbstractBuild$AbstractBuildExecution.
defaultCheckout(AbstractBuild.java:622)
at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.
java:86)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(
AbstractBuild.java:528)
at hudson.model.Run.execute(Run.java:1745)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.
java:89)
at hudson.model.Executor.run(Executor.java:240)
Caused by: com.microsoft.tfs.core.ws.runtime.exceptions.TransportException:
sun.security.validator.ValidatorException: PKIX path building failed: sun.
security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at com.microsoft.tfs.core.ws.runtime.client.SOAPService.
executeSOAPRequestInternal(SOAPService.java:744)
at com.microsoft.tfs.core.ws.runtime.client.SOAPService.
executeSOAPRequest(SOAPService.java:473)
at ms.tfs.services.registration._03._RegistrationSoap12Service.
getRegistrationEntries(_RegistrationSoap12Service.java:105)
at com.microsoft.tfs.core.clients.registration.RegistrationData.
newFromServer(RegistrationData.java:65)
... 16 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.
ValidatorException: PKIX path building failed: sun.security.provider.
certpath.SunCertPathBuilderException: unable to find valid certification
path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1916)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)
at sun.security.ssl.ClientHandshaker.serverCertificate(
ClientHandshaker.java:1472)
at sun.security.ssl.ClientHandshaker.processMessage(
ClientHandshaker.java:213)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:913)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:
849)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:
1035)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(
SSLSocketImpl.java:1344)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java
:721)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:
122)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream
.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:
140)
at com.microsoft.tfs.core.httpclient.methods.
EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:597)
at com.microsoft.tfs.core.httpclient.HttpMethodBase.writeRequest
(HttpMethodBase.java:2518)
at com.microsoft.tfs.core.httpclient.HttpMethodBase.execute(
HttpMethodBase.java:1313)
at com.microsoft.tfs.core.httpclient.HttpMethodDirector.
executeWithRetry(HttpMethodDirector.java:508)
at com.microsoft.tfs.core.httpclient.HttpMethodDirector.
executeMethod(HttpMethodDirector.java:197)
at com.microsoft.tfs.core.httpclient.HttpClient.executeMethod(
HttpClient.java:464)
at com.microsoft.tfs.core.httpclient.HttpClient.executeMethod(
HttpClient.java:376)
at com.microsoft.tfs.core.ws.runtime.client.SOAPService.
executeSOAPRequestInternal(SOAPService.java:588)
... 19 more
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.
java:385)
at sun.security.validator.PKIXValidator.engineValidate(
PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(
X509TrustManagerImpl.java:326)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(
X509TrustManagerImpl.java:231)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(
X509TrustManagerImpl.java:107)
at com.microsoft.tfs.core.config.httpclient.internal.
DefaultX509TrustManager.checkServerTrusted(DefaultX509TrustManager.java:181)
at sun.security.ssl.AbstractTrustManagerWrapper.
checkServerTrusted(SSLContextImpl.java:885)
at sun.security.ssl.ClientHandshaker.serverCertificate(
ClientHandshaker.java:1454)
... 36 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild
(SunCertPathBuilder.java:196)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java
:268)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.
java:380)
... 44 more
Best regards,
Rafal
--
You received this message because you are subscribed to the Google Groups
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-users/f900f819-114d-41d3-b512-9f9b397b4b94%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
