Jenkins失败,并显示“ PKIX路径构建”错误

时间:2018-10-16 18:54:03

标签: jenkins sonarqube gitlab

Jenkins为什么为SonarQube和GitLab插件显示“ PKIX路径构建失败”失败?

我找到了这篇文章: https://support.cloudbees.com/hc/en-us/articles/217078498-PKIX-path-building-failed-error-message

但是似乎并不能完全回答问题。

两个堆栈跟踪:

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

1 个答案:

答案 0 :(得分:1)

在将Jenkins配置为与GitLab和SonarQube配合使用时,JVM需要知道服务器的密钥库和与外部站点进行签名的证书颁发机构(信任库),以建立SSL连接。

在CentOS服务器上的/ etc / sysconfig / jenkins中,将以下内容添加到JENKINS_JAVA_OPTIONS属性:

JENKINS_JAVA_OPTIONS="-Djavax.net.ssl.trustStore=<path to trustStore in JKS format> -Djavax.net.ssl.trustStorePassword=<password> -Djavax.ssl.keyStore=<path to server keystore in JKS format> -Djavax.net.ssl.keyStorePassword=<password>"

以上内容与在Jenkins中设置HTTPS不同,后者可以使用以下两个属性进行设置:

JENKINS_HTTPS_KEYSTORE=<path to server keystore in JKS format>
JENKINS_HTTPS_KEYSTORE_PASSWORD=<password>
JENKINS_HTTPS_PORT=<port to listen on for https>

注意:我一直回过头来看CloudBees的这篇文章(https://support.cloudbees.com/hc/en-us/articles/217078498-PKIX-path-building-failed-error-message),它的keyStore和trustStore是向后的,并且没有说要同时设置它们。