Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

RTC 601/02 ping test to Jenkins server fails with java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath

If there are builds configured which run with a secured Jenkins (SSL), it is not possible to request those builds from RTC version 6.0.1/6.0.2.

When you perform a "ping" test from the RTC client to the Jenkins server, you will see the following error message.
Exception: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j:PKIX path building failed: java.security.cert.CertPathBuilderException:
PKIXCertPathBuilderImpl could not build a valid CertPath.;
...
...
error
Test connection FAILED!

This issue wasn't seen in version 5.0.2. What has changed in version 6.x that leads to this failure?

You've added the certificate to the Application Server, yet it isn't able to find the certificate and the ping fails. Why?

0 votes



2 answers

Permanent link
We are able to track down this issue. The ping is working and able to kick off a build! I will post more.

0 votes


Permanent link
To resolve in RTC 601/602:

1. You need to export the Jenkins server certificates to the JRE used by the application server.
2. Find the certificates which are used by the Jenkins server; either open ikeyman from the JRE shipped in WAS or use the command-line option.
4. Add the Jenkins server certificates as signer certificates to that cacerts keystore.
5. Save changes. Restart the WAS application server.
6. Perform the ping test; you will find the connection is working.
You're done!

For command-line options:
1) Locate the JRE path (depends on the OS) in your application server.
2) Navigate to the bin folder of the JRE and adjust the certificate locations to match your company certificates.
    For example, we used the following to import my-cert-root-ca.cer into the JRE cacerts:
    C:\ProgramFiles\IBM\WebSphere85\AppServer\java\bin>keytool -importcert -file C:\tmp\Certificates\my-cert-root-ca.cer -alias my-cert-root-ca -keystore ..\jre\lib\security\cacerts -keypass changeit
3) Verify the certificates by running a list command against the same keystore.
    C:\ProgramFiles\IBM\WebSphere85\AppServer\java\bin>keytool -list -v -keystore ..\jre\lib\security\cacerts

0 votes

Question details

Question asked: Jun 16 '16, 7:44 a.m.

Question was seen: 3,850 times

Last updated: Jun 16 '16, 9:07 a.m.
