RTC 601/02 ping test to Jenkins server fails with java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath


Natarajan Thirumeni (298731) | asked Jun 16 '16, 7:44 a.m.
If there are builds configured which run with a secured Jenkins (SSL), it is not possible to request those builds from RTC version 6.0.1/6.0.2.

When you perform a "ping" test from the RTC client to the Jenkins server, you will see the following error message.
Exception: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j:PKIX path building failed: java.security.cert.CertPathBuilderException:
PKIXCertPathBuilderImpl could not build a valid CertPath.;
...
...
error
Test connection FAILED!

This issue wasn't seen in 5.0.2 version. What has been changed in 6.x version which leads to this failure?

You've added the certificate to the Application Server, yet it isn't able to find the certificate and the ping fails, why?

2 answers



Natarajan Thirumeni (298731) | answered Jun 16 '16, 7:57 a.m.
We were able to track down this issue. The ping is working and we are able to kick off a build! I will post more.

Natarajan Thirumeni (298731) | answered Jun 16 '16, 9:07 a.m.
To resolve in RTC 601/602:

1. You need to export the Jenkins server certificates to the JRE used by the application server.
2. Find the certificates which are used by the Jenkins server; either open ikeyman from the JRE shipped in WAS or use the command line option.
4. Add the Jenkins server certificates as signer certificates to that cacerts keystore.
5. Save changes. Restart the WAS application server.
6. Perform a ping test; you will find the connection is working.
You're done!

For command line options:
1) Locate the JRE path (depends on OS) in your application server.
2) Navigate to the bin folder of the JRE and adjust the certificate location to match your company certificates.
    For example, we've used the following to import my-cert-root-ca.cer into the JRE cacerts:
    C:\ProgramFiles\IBM\WebSphere85\AppServer\java\bin>keytool -importcert -file C:\tmp\Certificates\my-cert-root-ca.cer -alias my-cert-root-ca -keystore ..\jre\lib\security\cacerts -keypass changeit
3) Verify the certificates by running a list command.
    C:\ProgramFiles\IBM\WebSphere85\AppServer\java\bin>keytool -list -v -keystore ..\jre\lib\security\cacerts
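
An offline version of the trust decision that the ping makes, as an added example that is not part of the original answer: it loads a truststore such as the cacerts file above and tries to build a certification path to it from a certificate file exported from the Jenkins server. The class name TrustCheck, the argument order and the assumption that the server certificate is the first one in the file are choices made for this example; it needs Java 7 or later and checks path building only, not host name or revocation.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.ArrayList;
import java.util.List;

// Added example (hypothetical helper, not RTC or Jenkins code).
// Usage: java TrustCheck <truststore> <storepass> <server-cert-or-chain file>
public class TrustCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: TrustCheck <truststore> <storepass> <cert file>");
            System.exit(2);
        }
        // Load the truststore the application server's JRE would consult.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        // Read every certificate in the file (PEM or DER); assumed order: server cert first.
        List<X509Certificate> chain = new ArrayList<>();
        try (InputStream in = new FileInputStream(args[2])) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                chain.add((X509Certificate) c);
            }
        }
        if (chain.isEmpty()) {
            System.err.println("no certificates found in " + args[2]);
            System.exit(2);
        }
        X509Certificate server = chain.get(0);
        // Edge case: the server certificate itself was imported as a signer
        // (typical for self-signed Jenkins certificates), so no path is needed.
        String alias = ks.getCertificateAlias(server);
        if (alias != null) {
            System.out.println("OK: server certificate is trusted directly, alias " + alias);
            return;
        }
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(server);
        PKIXBuilderParameters params = new PKIXBuilderParameters(ks, target);
        // Intermediates from the file are candidates for the path, not trust anchors.
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(chain)));
        params.setRevocationEnabled(false);
        try {
            PKIXCertPathBuilderResult r = (PKIXCertPathBuilderResult)
                    CertPathBuilder.getInstance("PKIX").build(params);
            System.out.println("OK: anchored by "
                    + r.getTrustAnchor().getTrustedCert().getSubjectX500Principal());
        } catch (CertPathBuilderException e) {
            // Same failure class the ping reports when no signer is in the truststore.
            System.out.println("FAIL: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

Running it against the cacerts file before and after the import shows whether the signer that was added is the one the Jenkins certificate actually chains to.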
