Skip to main content

Jenkins plugin accessing REST server, apparent certificate problem?

Comments

5 comments

  • Joe Kesselman

    Just tried installing the cert into my Docker Jenkins, on my local machine, by inserting it into  $JAVA_HOME/jre/lib/security/cacerts just as I did on the production machine. The Docker version runs fine and contacts the remote Jira server happily.

    The production server still gets 401.

    I'm very confused.

     

    0
  • Joe Kesselman

    Never mind. Kicking myself in the head -- We have too many userIDs and passwords running around, and Jira expects a particular combination that I find counter-intuitive.

    Ouch. User error.

    0
  • Denys Digtiar

    It looks like rubberducking helps indeed :)

    0
  • Joe Kesselman

    Yep.

    Though it still appears that Jira may need the Java option, to be explicitly told where to load the cacerts file from. Haven't seen that with other Java apps, so I'm still partly confused.

    0
  • Denys Digtiar

    Yes, if bundled trust store doesn't include the required certificates it can be overridden by specifying the `javax.net.ssl.trustStore` system properties. We have an SSL Certificates Troubleshooting for such case.

    Some Linux distros have the infrastructure to update both system and JVM cacerts together, e.g. https://packages.debian.org/jessie/ca-certificates-java

    0

Please sign in to leave a comment.

About CloudBees Support

Our Support Engineers are available to help with any questions or problems you may have with any of our products.