SSL Issue - Jenkins slave connection issue with TFS

Question

Upgraded the Jenkins.
Created a slave.
Installed latest JDK on Slave machine and launched the slave.
when tagged a job with slave and ran it, getting above error ..
did search on google and as per search added public cert of my target TFS to the java keystore which is in C:\Program Files (x86)\Java\jre1.8.0_131\lib\security\cacerts.
it worked for 2 jobs, for some purpose i un tagged the job and ran on master , again i tagged it back to slave and ran it.. again the issue came back.
tried to add the cert again, but its prompted cert is already in keystore .. 7 did uninstall and re install of slave and changes JAVA version .. no luck.. rest of the log below5)

Building remotely on
node1
in workspace C:\Builds\Jenkins\workspace\Foot_Driver Querying for remote changeset at '$/AEXX/' as of 'D2017-06-23T15:26:13Z'... FATAL: com.microsoft.tfs.core.exceptions.TECoreException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targe

Ajay Ajay · Accepted Answer · 2017-07-06T20:17:09

By adding all the certs in the chain to the cacerts, issue got resolved.

Get all the list of certs in the chain by using (replace your domain with google.com)
openssl s_client -host google.com -port 443 -prexit -showcerts
copy each certs in a seprate .pem file eg - VS_cert1.pem, VS_cert2.pem
import all the certs to the java cacerts
keytool -import -alias VS1 -file "C:\Users\xxxx\Desktop\Temp\VS_cert1.pem" -keystore "C:\Program Files (x86)\Java\jre1.8.0_131\lib\security\cacerts"
keytool -import -alias VS2 -file "C:\Users\xxxx\Desktop\Temp\VS_cert2.pem" -keystore "C:\Program Files (x86)\Java\jre1.8.0_131\lib\security\cacerts"
Bounce the service.

SSL Issue - Jenkins slave connection issue with TFS

2 Answers