Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

How to create RTC build engine with Jenkins using SSL

When configuring the build engine in RTC I input the https address of the jenkins server. When I go to test the connection I get an SSL handshake error (listed below). I think this is because I have to configure the RTC server, or WebSphere on the RTC server, to accept the certificate and the CA. Does anyone have any suggestions or links to articles on how to configure ssl properly so the build engine and build will work with SSL?

Connection test requested.
    Connecting to: https://host.com/jenkins
    Exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    Test connection FAILED!

1 vote


Accepted answer

Permanent link
 So, I work with the OP and after a bunch of hours tracking this down, I eventually found the issue was the jenkins server apache configuration was using SSLv3. Commenting that out and using only v2 fixed the issue. There are possibly other ways to fix the issue but that is well beyond my skills.

I figure one of these has a bug, or an incompatiblity with SSL v3:
Eclipse Luna
RTC eclipse plugin v5.0.1
Websphere 8.5
Java 1.7u65
Jenkins 1.551
Apache 2.2.15
openssl-1.0.1e
mod_ssl-2.2.15


Dan Clark selected this answer as the correct answer

1 vote

Comments

That fixed the problem. As soon as I disabled SSLv3 the whole thing worked. I can even check "Validate HostName"

Perhaps this should be filed as a bug against RTC? or is this just an issue with SSL in general?

Good to hear, and thanks for letting us know. The H/J integration in RTC currently uses Java's HttpURLConnection obtained via URL.openConnection(), with an "allow all" host name verifier set if "Validate Hostname" is unchecked. So I suspect it's an issue with Java itself. As per this post, you could try adding -Dhttps.protocols=SSLv3 to the startup options for the RTC server.


One other answer

Permanent link
Hi Dan, some things to check:
- can you connect to https://host.com/jenkins in a browser on the same machine running the RTC server?
- is it missing a port setting?
- does host.com have a valid certificate?
- if you uncheck 'Validate Hostname' in the build engine editor, does test connection work?

0 votes

Comments

If it works with Validate Hostname unchecked, but you want to run with it checked, then you may need to import the certificate. See first answer here.


Nick, Thanks for your quick response. To answer your questions:

- Yes, I can open a browser on the host running RTC and connect to https://host.com/jenkins
- I don't see anywhere that I need to add an additional port setting. I'm using the default https port 443
- Host.com has a certificate generated by my company using my company's RootCA certificate.
- Unchecking "Validate Hostname" has no effect on the error

Also, using the direct IP address of the host instead of the hostname has no effect on the error.

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details
× 6,121
× 562
× 36

Question asked: Sep 17 '14, 2:17 p.m.

Question was seen: 6,792 times

Last updated: Sep 18 '14, 9:24 a.m.

Confirmation Cancel Confirm