Jenkins SSLHandshakeException while publishing to confluence

Question

We recently changed all the certificates and Jenkins seems to have been affected by that. It is unable to publish to confluence and it gives the following error:

ERROR: Publisher com.myyearbook.hudson.plugins.confluence.ConfluencePublisher aborted due to exception
AxisFault
 faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
 faultSubcode: 
 faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 faultActor: 
 faultNode: 
 faultDetail: 
    {http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

We use self signed certificates for our internal services. I added the new certificate into the trust store of the server running jenkins using the keytool command. The problem persist. I am unable to track the source of the problem now. Any help would be highly appreciated.

Thanks, SanZig

Answer 1

I finally figured it out. It was a problem with the location of the trusted keystore. It's better to always add the certificates into the /var/lib/jenkins/.keystore rather than adding in the PATH_TO_JAVA_HOME/jre/lib/security/cacerts. If you still want to add the certificate into the cacerts then an ARG should be added in the application's config file:

JAVA_ARGS="-Djavax.net.ssl.trustStore=/usr/lib/jvm/java-7-oracle/jre/lib/security/cacerts"

Sometimes you may need to add the certificate in ~/.keystore