SSL Exception #2

pierredeman · 2016-07-27T10:25:18Z

With an HTTPS rundeck URL :

[12:10:26][Step 1/1] Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[12:10:26][Step 1/1] at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
[12:10:26][Step 1/1] at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937)
[12:10:26][Step 1/1] at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
[12:10:26][Step 1/1] at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
[12:10:26][Step 1/1] at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1478)
[12:10:26][Step 1/1] at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212)
[12:10:26][Step 1/1] at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
[12:10:26][Step 1/1] at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
[12:10:26][Step 1/1] at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050)
[12:10:26][Step 1/1] at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
[12:10:26][Step 1/1] at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)
[12:10:26][Step 1/1] at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375)
[12:10:26][Step 1/1] at com.squareup.okhttp.Connection.connectTls(Connection.java:235)
[12:10:26][Step 1/1] at com.squareup.okhttp.Connection.connectSocket(Connection.java:199)
[12:10:26][Step 1/1] at com.squareup.okhttp.Connection.connect(Connection.java:172)
[12:10:26][Step 1/1] at com.squareup.okhttp.Connection.connectAndSetOwner(Connection.java:367)
[12:10:26][Step 1/1] at com.squareup.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:128)
[12:10:26][Step 1/1] at com.squareup.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:328)
[12:10:26][Step 1/1] at com.squareup.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:245)
[12:10:26][Step 1/1] at com.squareup.okhttp.Call.getResponse(Call.java:267)
[12:10:26][Step 1/1] at com.squareup.okhttp.Call$ApplicationInterceptorChain.proceed(Call.java:224)
[12:10:26][Step 1/1] at com.squareup.okhttp.Call.getResponseWithInterceptorChain(Call.java:195)
[12:10:26][Step 1/1] at com.squareup.okhttp.Call.execute(Call.java:79)
[12:10:26][Step 1/1] at com.hadihariri.teamcity.plugins.rundeck.agent.RunDeckAPI.executeJob(RunDeckAPI.kt:33)
[12:10:26][Step 1/1] at com.hadihariri.teamcity.plugins.rundeck.agent.RunDeck.run(RunDeck.kt:58)
[12:10:26][Step 1/1] at com.hadihariri.teamcity.plugins.rundeck.agent.RunDeck.main(RunDeck.kt:22)
[12:10:26][Step 1/1] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[12:10:26][Step 1/1] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
[12:10:26][Step 1/1] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
[12:10:26][Step 1/1] at sun.security.validator.Validator.validate(Validator.java:260)
[12:10:26][Step 1/1] at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
[12:10:26][Step 1/1] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
[12:10:26][Step 1/1] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
[12:10:26][Step 1/1] at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1460)
[12:10:26][Step 1/1] ... 21 more
[12:10:26][Step 1/1] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[12:10:26][Step 1/1] at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
[12:10:26][Step 1/1] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
[12:10:26][Step 1/1] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
[12:10:26][Step 1/1] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
[12:10:26][Step 1/1] ... 27 more
[12:10:26][Step 1/1] Process exited with code 1

hhariri · 2016-07-27T10:43:05Z

Is the server issuing a certificate from a trusted authority? You need to add the certificate to your certificate store.

sinc59 · 2016-07-27T12:47:02Z

Hello hhariri,
(i'm a colleague of Pierre.)
The certificate of the rundeck server is trusted by an intermediate certificate (trusted it self by an certificate authority).
They certificate is imported in windows and the java keystore of the teamcity agent.

hhariri · 2016-07-29T05:11:01Z

Strange. Usually not having the certificate added and defined in the keystore is the main cause of this problem. I can take a look at this but it won't be immediately unfortunately.

azhurbilo · 2017-01-13T21:58:44Z

I also added trusted CA to $JAVA_HOME/lib/security/cacerts but it doesn't help

[23:53:55][Step 1/1] Starting: /usr/java/jdk1.8.0_92/bin/java -classpath /srv/teamcity/plugins/rundeck-agent/lib/rundeck-common-1.0-SNAPSHOT.jar:/srv/teamcity/plugins/rundeck-agent/lib/rundeck-agent-1.0-SNAPSHOT.jar:/srv/teamcity/plugins/rundeck-agent/lib/kotlin-stdlib-0.14.449.jar:/srv/teamcity/plugins/rundeck-agent/lib/kotlin-runtime-0.14.449.jar:/srv/teamcity/plugins/rundeck-agent/lib/junit-4.12.jar:/srv/teamcity/plugins/rundeck-agent/lib/hamcrest-core-1.3.jar:/srv/teamcity/plugins/rundeck-agent/lib/kotlin-reflect-0.14.449.jar:/srv/teamcity/plugins/rundeck-agent/lib/okhttp-2.5.0.jar:/srv/teamcity/plugins/rundeck-agent/lib/okio-1.6.0.jar:/srv/teamcity/lib/common.jar:/srv/teamcity/lib/jdom.jar:/srv/teamcity/lib/openapi.jar:/srv/teamcity/lib/log4j-1.2.12.jar:/srv/teamcity/lib/serviceMessages.jar:/srv/teamcity/lib/xercesImpl.jar com.hadihariri.teamcity.plugins.rundeck.agent.RunDeck /srv/teamcity/temp/buildTmp/teamcity.runner8665902101042177960.properties
[23:53:55][Step 1/1] in directory: /srv/teamcity/work/f4b650115af4da
[23:53:56][Step 1/1] Artifacts cache is not available, skipping.
[23:53:59][Step 1/1] Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[23:53:59][Step 1/1] 	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
[23:53:59][Step 1/1] 	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
[23:53:59][Step 1/1] 	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
[23:53:59][Step 1/1] 	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
[23:53:59][Step 1/1] 	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
[23:53:59][Step 1/1] 	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
[23:53:59][Step 1/1] 	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
[23:53:59][Step 1/1] 	at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
[23:53:59][Step 1/1] 	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
[23:53:59][Step 1/1] 	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
[23:53:59][Step 1/1] 	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
[23:53:59][Step 1/1] 	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
[23:53:59][Step 1/1] 	at com.squareup.okhttp.Connection.connectTls(Connection.java:235)
[23:53:59][Step 1/1] 	at com.squareup.okhttp.Connection.connectSocket(Connection.java:199)
[23:53:59][Step 1/1] 	at com.squareup.okhttp.Connection.connect(Connection.java:172)
[23:53:59][Step 1/1] 	at com.squareup.okhttp.Connection.connectAndSetOwner(Connection.java:367)
[23:53:59][Step 1/1] 	at com.squareup.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:128)
[23:53:59][Step 1/1] 	at com.squareup.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:328)
[23:53:59][Step 1/1] 	at com.squareup.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:245)
[23:53:59][Step 1/1] 	at com.squareup.okhttp.Call.getResponse(Call.java:267)
[23:53:59][Step 1/1] 	at com.squareup.okhttp.Call$ApplicationInterceptorChain.proceed(Call.java:224)
[23:53:59][Step 1/1] 	at com.squareup.okhttp.Call.getResponseWithInterceptorChain(Call.java:195)
[23:53:59][Step 1/1] 	at com.squareup.okhttp.Call.execute(Call.java:79)
[23:53:59][Step 1/1] 	at com.hadihariri.teamcity.plugins.rundeck.agent.RunDeckAPI.executeJob(RunDeckAPI.kt:33)
[23:53:59][Step 1/1] 	at com.hadihariri.teamcity.plugins.rundeck.agent.RunDeck.run(RunDeck.kt:58)
[23:53:59][Step 1/1] 	at com.hadihariri.teamcity.plugins.rundeck.agent.RunDeck.main(RunDeck.kt:22)
[23:53:59][Step 1/1] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[23:53:59][Step 1/1] 	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
[23:53:59][Step 1/1] 	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
[23:53:59][Step 1/1] 	at sun.security.validator.Validator.validate(Validator.java:260)
[23:53:59][Step 1/1] 	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
[23:53:59][Step 1/1] 	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
[23:53:59][Step 1/1] 	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
[23:53:59][Step 1/1] 	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
[23:53:59][Step 1/1] 	... 21 more
[23:53:59][Step 1/1] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[23:53:59][Step 1/1] 	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
[23:53:59][Step 1/1] 	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
[23:53:59][Step 1/1] 	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
[23:53:59][Step 1/1] 	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
[23:53:59][Step 1/1] 	... 27 more
[23:53:59][Step 1/1] Process exited with code 1

dmitry-yackevich · 2017-01-30T07:46:41Z

Hi, seems the main problem is in java environment variables.
For gathering correct cacerts path you can use this link:
http://stackoverflow.com/questions/11936685/how-to-obtain-the-location-of-cacerts-of-the-default-java-installation
In our case

# readlink /etc/alternatives/java
/usr/java/jdk1.8.0_45/jre/bin/java

But in Teamcity settings:
env.JAVA_HOME /usr/java/latest
And its pointed to the different version of java executable:

# readlink /usr/java/latest
/usr/java/jdk1.8.0_92

If you import crt file to correct keystore plugin will work

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SSL Exception #2

SSL Exception #2

pierredeman commented Jul 27, 2016

hhariri commented Jul 27, 2016

sinc59 commented Jul 27, 2016

hhariri commented Jul 29, 2016

azhurbilo commented Jan 13, 2017

dmitry-yackevich commented Jan 30, 2017

SSL Exception #2

SSL Exception #2

Comments

pierredeman commented Jul 27, 2016

hhariri commented Jul 27, 2016

sinc59 commented Jul 27, 2016

hhariri commented Jul 29, 2016

azhurbilo commented Jan 13, 2017

dmitry-yackevich commented Jan 30, 2017