Jenkins为什么为SonarQube和GitLab插件显示“ PKIX路径构建失败”失败?
我找到了这篇文章: https://support.cloudbees.com/hc/en-us/articles/217078498-PKIX-path-building-failed-error-message
但是似乎并不能完全回答问题。
两个堆栈跟踪:
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
和
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
答案 0 :(得分:1)
在将Jenkins配置为与GitLab和SonarQube配合使用时,JVM需要知道服务器的密钥库和与外部站点进行签名的证书颁发机构(信任库),以建立SSL连接。
在CentOS服务器上的/ etc / sysconfig / jenkins中,将以下内容添加到JENKINS_JAVA_OPTIONS属性:
JENKINS_JAVA_OPTIONS="-Djavax.net.ssl.trustStore=<path to trustStore in JKS format> -Djavax.net.ssl.trustStorePassword=<password> -Djavax.ssl.keyStore=<path to server keystore in JKS format> -Djavax.net.ssl.keyStorePassword=<password>"
以上内容与在Jenkins中设置HTTPS不同,后者可以使用以下两个属性进行设置:
JENKINS_HTTPS_KEYSTORE=<path to server keystore in JKS format>
JENKINS_HTTPS_KEYSTORE_PASSWORD=<password>
JENKINS_HTTPS_PORT=<port to listen on for https>
注意:我一直回过头来看CloudBees的这篇文章(https://support.cloudbees.com/hc/en-us/articles/217078498-PKIX-path-building-failed-error-message),它的keyStore和trustStore是向后的,并且没有说要同时设置它们。