Hi, Am 08.02.23 um 23:29 schrieb TJ Patterson:
That depends on how old your java setup is. Java uses its own truststore to validate server certificates. When installed via system all distributions link to generated truststore with system certificates. So any system update should update them. For manually installed java setup check your truststore. See file $JAVAHOME/lib/security/cacertsHello everyone!We are running Jenkins Master via Docker (Jenkins/Jenkins:LTS Java 11) and then using an NGINX Docker reverse proxy container to provide SSL certificate and more security. We changed the URL in Manage Jenkins > Configure System > Jenkins Location from "http://jenkinsserver.com:8080"; to "https://jenkinsserver.com";We are now receiving an error when connecting the nodes to Jenkins.This is the error from our java JNLP agent connection (I’ve changed server name/node names, etc.):~ % curl -sO https://jenkinsserveraddress/jnlpJars/agent.jar <https://urldefense.com/v3/__https://jenkinsserveraddress/jnlpJars/agent.jar__;!!IfJP2Nwhk5Z0yJ43lA!LSP73T69hCCIULYheCAXT05xtMv6i5tCmMlm1tS_FvKkQnGKfTqm-5LZLjTlAYQcEk5jOyspcsPrHoJf7A3cK85S_kKBbw$>java -jar agent.jar -jnlpUrl https://jenkinsserveraddress/manage/computer/nodename/jenkins-agent.jnlp <https://urldefense.com/v3/__https://jenkinsserveraddress/manage/computer/nodename/jenkins-agent.jnlp__;!!IfJP2Nwhk5Z0yJ43lA!LSP73T69hCCIULYheCAXT05xtMv6i5tCmMlm1tS_FvKkQnGKfTqm-5LZLjTlAYQcEk5jOyspcsPrHoJf7A3cK853VoSLaw$> -secret secretphrasegoeshereException in thread "main" java.io.IOException: Failed to validate a server certificate. If you are using a self-signed certificate, you can use the -noCertificateCheck option to bypass this check.
If not a linked to system trustore you can start your agent withjava -Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts -Djavax.net.ssl.trustStorePassword=changeit -jar ...
system package ca-certificates (or similiar) must be installed. Verify location for that file, it depends on your distribution
best regards Thomas -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/f6f9aa7b-d2ac-aec0-bf76-f5fac10d53a0%40proventis.net.
OpenPGP_0x9794716335E9B5AF.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
