Making the new SSL certificate work with Jenkins.
After the SSL certificate was updated on the repository side, I got the error below in Jenkins builds. Jenkins (Java-based) did not trust the updated SSL certificate because it did not recognize the company that signed it. For this reason I had to import the certificate into the server and the Java trust store and update them.
“unable to find valid certification path to requested target” error while importing Git repository
1-Download SSL certificate
openssl s_client -showcerts -connect bitbucket.domain.tr:8443 </dev/null 2>/dev/null|openssl x509 -outform PEM > cert.pem
2-Create custom trustStore from the JVM
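For Unix:
# Directory for the custom trust store (same path that steps 3 and 4 use)
CUSTOM_TrustStore=/home/jenkins/.cacerts/
mkdir -p "$CUSTOM_TrustStore"
export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
# Start from a copy of the JVM's default trust store
cp "$JAVA_HOME/jre/lib/security/cacerts" "$CUSTOM_TrustStore"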
3-Import Certificate
$JAVA_HOME/bin/keytool -keystore /home/jenkins/.cacerts/cacerts -import -alias bb-certs -file cert.pem
Default password of the JVM TrustStore is changeit (or changeme).
4-Add Certificate to the jenkins startup parameters
Edit “/etc/default/jenkins” file like below
JAVA_ARGS="-Dorg.apache.commons.jelly.tags.fmt.timeZone=Europe/Istanbul -Dmail.smtp.starttls.enable=true -Djavax.net.ssl.trustStore=/home/jenkins/.cacerts/cacerts -Djavax.net.ssl.trustStorePassword=changeit"
5-Restart Jenkins service
sudo systemctl restart jenkins
6-Import and update certificate in Linux OS
sudo openssl s_client -showcerts -connect server.example.com:443 </dev/null 2>/dev/null|openssl x509 -outform PEM > /tmp/server_example_com.pem
# update-ca-certificates picks up local certificates only from /usr/local/share/ca-certificates, and only files ending in .crt
sudo cp /tmp/server_example_com.pem /usr/local/share/ca-certificates/server_example_com.crt
sudo update-ca-certificates
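Step 1 trusts whatever certificate the server presents at download time, so it is worth comparing its SHA-256 fingerprint with a value obtained out of band before step 3 adds it to the trust store. The following is an added example, not part of the original post; the function names are hypothetical and the expected fingerprint is assumed to come from whoever renewed the certificate.

```bash
#!/usr/bin/env bash
# Added example: pin the downloaded certificate before importing it.
# Assumption: the expected SHA-256 fingerprint was obtained out of band.

# Normalize a fingerprint: drop any "...=" prefix, colons, spaces; uppercase.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# Return 0 only when both values are equal, well-formed SHA-256 fingerprints.
fp_matches() {
    a=$(normalize_fp "$1")
    b=$(normalize_fp "$2")
    case "$a" in *[!0-9A-F]*) return 1 ;; esac
    [ "${#a}" -eq 64 ] && [ "$a" = "$b" ]
}

# SHA-256 fingerprint of a PEM certificate file, as printed by openssl.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Import the certificate only if its fingerprint matches, then list the entry.
# Arguments: <pem file> <expected fingerprint> <keystore> <entry alias>
import_if_pinned() {
    pem=$1
    expected=$2
    keystore=$3
    entry=$4
    if ! fp_matches "$(cert_fp "$pem")" "$expected"; then
        echo "fingerprint mismatch for $pem, not importing" >&2
        return 1
    fi
    "$JAVA_HOME/bin/keytool" -importcert -noprompt -keystore "$keystore" \
        -alias "$entry" -file "$pem" &&
    "$JAVA_HOME/bin/keytool" -list -keystore "$keystore" -alias "$entry"
}

# Usage with the values from the steps above (fingerprint is a placeholder):
#   import_if_pinned cert.pem "<SHA256-FINGERPRINT-FROM-ADMIN>" \
#       /home/jenkins/.cacerts/cacerts bb-certs
```

keytool still asks for the trust store password, and the final `-list` output shows the fingerprint of the entry Jenkins will actually use after the restart.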
These links also cover similar errors and their solutions.
https://support.cloudbees.com/hc/en-us/articles/203821254-How-to-install-a-new-SSL-certificate-
https://support.cloudbees.com/hc/en-us/articles/217078498-PKIX-path-building-failed-error-message