[JIRA] (JENKINS-60896) Vault Plugin SunCertPathBuilderException for Custom CA. Unclear which cacerts to modify.

[triggerazura+jenkinsio@gmail.com (JIRA)]

Diana Arrieta created an issue

Jenkins / JENKINS-60896 Vault Plugin SunCertPathBuilderException for Custom CA. Unclear which cacerts to modify. Issue Type: Bug Assignee: Peter Tierno Components: hashicorp-vault-plugin Created: 2020-01-28 17:03 Environment: Jenkins Version: 2.204.1-cb-2 Hashicorp Vault Plugin: 3.0.0 OS: 4.19.86-coreos, via https://hub.docker.com/r/jenkins/jnlp-slave/ Java Version on Agent: openjdk version "1.8.0_232" Labels: plugin Priority: Minor Reporter: Diana Arrieta I've verified that adding the internal certs necessary to the file $JAVA_HOME/jre/lib/security/cacerts, which is what was suggested on the Stackoverflow link, works with SSLPoke. But the vault plugin doesn't seem to use this cert bundle. So I tried making one in the suggested directory on the 3.0.0 release page which is $JAVA_HOME/lib/jre/cacerts and verified the contents work with SSLPoke. But that also doesn't work for the plugin. I'm willing to send more debugging information if it's needed. Add Comment

This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)

[josephp90@gmail.com (JIRA)]

Joseph Petersen commented on JENKINS-60896

Re: Vault Plugin SunCertPathBuilderException for Custom CA. Unclear which cacerts to modify. It is not the agents that authenticates against Vault it is your Jenkins master. So you should add the certificate to the Jenkins master certificate store.

Add Comment