Jenkins fails to Start due to HttpsConnectorFactory

Issue

  • Jenkins fails on startup with the following stack trace:
SEVERE: Container startup failed
java.io.IOException: Failed to start a listener: winstone.HttpsConnectorFactory
    at winstone.Launcher.spawnListener(Launcher.java:209)
    at winstone.Launcher.<init>(Launcher.java:149)
    at winstone.Launcher.main(Launcher.java:354)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at Main._main(Main.java:293)
    at Main.main(Main.java:98)
Caused by: java.lang.NoClassDefFoundError: sun/security/x509/CertAndKeyGen
    at winstone.HttpsConnectorFactory.start(HttpsConnectorFactory.java:100)
    at winstone.Launcher.spawnListener(Launcher.java:207)
    ... 8 more
Caused by: java.lang.ClassNotFoundException: sun.security.x509.CertAndKeyGen
    at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
    ... 10 more

Environment

  • Cloudbees Jenkins Operations Center
  • Cloudbees Jenkins Enterprise
  • Jenkins
  • JDK 8+
  • Open JDK 1.7.0_111

Related Issue

JENKINS-25333

Resolution

This is an issue related to the auto-generation of self-signed certificate carried out by the Jetty Winstone container. This feature is fails with JDK 8+ as well as with the latest version of Open JDK 7. For more information, have a look at JENKINS-25333 for more details.

The problem occurs only if you use -httpsPort without providing a keystore or a certificate. In that case Jenkins tries to run with an auto-generated self-signed certificate.

  • One workaround is to provide the keystore like described in the following article How to setup HTTPS within Jetty

  • Another workaround is to manage HTTPS with a reverse proxy

Useful Links

How to setup HTTPS within Jetty with Intermediate certificates
How to install a new SSL certificate
Starting and Accessing Jenkins

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.