如何从jenkins访问本地github?我收到对等证书错误。
git clone https://abcd.efgh.ijk.state.ih.us/DataLake/project.git
Cloning into 'project'...
fatal: unable to access 'https://abcd.efgh.ijk.state.ih.us/DataLake/project.git/': Peer's Certificate issuer is not recognized.
要测试,我可以ssh进入计算机,并且我可以在设置后进行git clone
git config --global http.sslverify false,然后提示我提供用户名和密码。但是我需要詹金斯能够克隆它。
在阅读了有关添加SSL证书的其他帖子后,我尝试了
openssl s_client -CApath /etc/ssl/certs/ -connect abcd.efgh.ijk.state.ih.us:443
响应看起来像这样
CONNECTED(00000003)
depth=0 XXXXXXXXXXXXXXX
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 XXXXXXXXXXXXXXX
verify error:num=21:unable to verify the first certificate
verify return:1
Certificate chain
0 s:xxxxxxxx
i:xxxxxxxx
Server certificate
-----BEGIN CERTIFICATE-----
YYYY/....
....
-----END CERTIFICATE-----
subject=xxxxxxxx issuer=xxxxxx
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
SSL handshake has read 2557 bytes and written 415 bytes
New, TLSv1/SSLv3, Cipher is .....
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : .......
Session-ID: .......
Session-ID-ctx:
Master-Key: ..................
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1565710526
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
closed
答案 0 :(得分:0)
这可能是由于SSL链不完整(as in here)
如果可以从互联网访问otherdomain,则可以使用ssllabs.com/ssltest进行分析(如果有TLS configuration issue的话)
您可以通过whatsmychaincert.com
您需要将它们添加到Jenkins JVM trustore。
答案 1 :(得分:0)
检查您的代理服务器设置以及 git/opnssl 设置也是一个好主意。它通过更新最新的代理地址解决了我的问题。