KBEC-00429 - ec-groovy fails with 'unable to find valid certification path' error when run from CLI

When using ec-groovy to interact with CloudBees CD (CloudBees Flow), you may receive the following error:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

This is a known issue that may occur when using ec-groovy. The following steps should be followed to resolve this problem:

  1. Obtain the CloudBees CD (CloudBees Flow) server’s certificate using the following command:

    COMMANDER_HOME=/opt/electriccloud/electriccommander && LD_LIBRARY_PATH=$COMMANDER_HOME/lib && OPENSSL_CONF="$COMMANDER_HOME/conf/agentssl.cnf" && echo -e "quit\n" | $COMMANDER_HOME/bin/openssl s_client -connect replace-electricflow-server-name-here:8443

  2. Copy the server certificate contents after “Server certificate” into a file, say ef-server.crt

  3. Verify the certificate contents:

    COMMANDER_HOME=/opt/electriccloud/electriccommander && LD_LIBRARY_PATH=$COMMANDER_HOME/lib && OPENSSL_CONF="$COMMANDER_HOME/conf/agentssl.cnf" && echo -e "quit\n" | $COMMANDER_HOME/bin/openssl x509 -in ef-server.crt -text

  4. Import the certificate into the Java keystore:

    COMMANDER_HOME=/opt/electriccloud/electriccommander && $COMMANDER_HOME/jre/bin/keytool -import -trustcacerts -keystore $COMMANDER_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias myEFcert -file ef-server.crt

  5. ec-groovy should now run successfully from the command-line.

Was this article helpful?
0 out of 0 found this helpful

Have more questions?

0 Comments

Article is closed for comments.