TFS plugin PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

635 views

Skip to first unread message

RG

unread,

Aug 18, 2016, 3:23:32 PM8/18/16

to Jenkins Users

Hi,

I have Jenkins 1.580.3 master instance running with Team Foundation Server Plug-in (version 3.1.1). (I know it is old) which connects to TFS 2015.

My build jobs are running on Jenkins Slave on Windows 2012 (whereas master in Linux), slave is using jre1.8.0_91 64bit.

When build starts and code is checked out from TFS I’m getting following exception (please notice all initial steps deletion/recreation/mapping of workspace and getting team project from TFS are working fine).

Exception happens when TFS plugin is trying to retrieve history and initializes IdentityManagementService. And clearly complains about certificate validation.

We are using internal certificate which is signed with our internal CA certificates. So I was sure CA are missing in trusted store.

I have added -Djavax.net.ssl.trustStore location in jenkins-slave.xml and well as added jssecacerts to lib\security of java used for my Jenkins's slave to run. But still no success.

I have installed skip-certificate-check hoping it will help, but still same result.

I have tried SSLPoke to connect to TFS URL outside of Jenkins with java Jenkins is using and it works fine.

Any idea what I could be missing?

Deleting project workspace... done

 

  

[workspace] $ TF.EXE workspaces -format:brief -server:xxxxx ******** 

  

[workspace] $ TF.EXE workspace -delete nnnnnn -noprompt -server:xxxxx ******** 

[workspace] $ TF.EXE workspace -new nnnnnn -noprompt -server:xxxxxx ******** 

[workspace] $ TF.EXE workfold -map $/local\workspace -workspace:nnnnnn -server:xxxxxx ******** 

[workspace] $ TF.EXE get . -recursive -version:D2016-08-10T23:35:46Z -noprompt ******** 

HERE all files are retrieved from TFS 

  

FATAL: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 

com.microsoft.tfs.core.exceptions.TECoreException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 

            at com.microsoft.tfs.core.exceptions.mappers.TECoreExceptionMapper.map(TECoreExceptionMapper.java:99) 

            at com.microsoft.tfs.core.exceptions.mappers.RegistrationExceptionMapper.map(RegistrationExceptionMapper.java:23) 

            at com.microsoft.tfs.core.clients.registration.RegistrationData.newFromServer(RegistrationData.java:70) 

            at com.microsoft.tfs.core.clients.registration.RegistrationClient.getRegistrationData(RegistrationClient.java:645) 

            at com.microsoft.tfs.core.clients.registration.RegistrationClient.getRegistrationEntry(RegistrationClient.java:188) 

            at com.microsoft.tfs.core.clients.registration.RegistrationClient.getRegistrationEntry(RegistrationClient.java:167) 

            at com.microsoft.tfs.core.clients.webservices.IdentityManagementService.<init>(IdentityManagementService.java:65) 

            at hudson.plugins.tfs.model.Project.getVCCHistory(Project.java:84) 

            at hudson.plugins.tfs.model.Project.getDetailedHistory(Project.java:128) 

            at hudson.plugins.tfs.actions.CheckoutAction.checkout(CheckoutAction.java:56) 

            at hudson.plugins.tfs.TeamFoundationServerScm.checkout(TeamFoundationServerScm.java:176) 

            at hudson.model.AbstractProject.checkout(AbstractProject.java:1257) 

            at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:622) 

            at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86) 

            at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:528) 

            at hudson.model.Run.execute(Run.java:1745) 

            at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) 

            at hudson.model.ResourceController.execute(ResourceController.java:89) 

            at hudson.model.Executor.run(Executor.java:240) 

Caused by: com.microsoft.tfs.core.ws.runtime.exceptions.TransportException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 

            at com.microsoft.tfs.core.ws.runtime.client.SOAPService.executeSOAPRequestInternal(SOAPService.java:744) 

            at com.microsoft.tfs.core.ws.runtime.client.SOAPService.executeSOAPRequest(SOAPService.java:473) 

            at ms.tfs.services.registration._03._RegistrationSoap12Service.getRegistrationEntries(_RegistrationSoap12Service.java:105) 

            at com.microsoft.tfs.core.clients.registration.RegistrationData.newFromServer(RegistrationData.java:65) 

            ... 16 more 

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 

            at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) 

            at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1916) 

            at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279) 

            at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273) 

            at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1472) 

            at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:213) 

            at sun.security.ssl.Handshaker.processLoop(Handshaker.java:913) 

            at sun.security.ssl.Handshaker.process_record(Handshaker.java:849) 

            at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1035) 

            at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1344) 

            at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:721) 

            at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122) 

            at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82) 

            at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140) 

            at com.microsoft.tfs.core.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:597) 

            at com.microsoft.tfs.core.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2518) 

            at com.microsoft.tfs.core.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1313) 

            at com.microsoft.tfs.core.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:508) 

            at com.microsoft.tfs.core.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:197) 

            at com.microsoft.tfs.core.httpclient.HttpClient.executeMethod(HttpClient.java:464) 

            at com.microsoft.tfs.core.httpclient.HttpClient.executeMethod(HttpClient.java:376) 

            at com.microsoft.tfs.core.ws.runtime.client.SOAPService.executeSOAPRequestInternal(SOAPService.java:588) 

            ... 19 more 

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 

            at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385) 

            at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) 

            at sun.security.validator.Validator.validate(Validator.java:260) 

            at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326) 

            at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231) 

            at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:107) 

            at com.microsoft.tfs.core.config.httpclient.internal.DefaultX509TrustManager.checkServerTrusted(DefaultX509TrustManager.java:181) 

            at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:885) 

            at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1454) 

            ... 36 more 

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 

            at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196) 

            at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268) 

            at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380) 

            ... 44 more

Best regards,

Rafal

api...@excentia.es

unread,

Aug 22, 2016, 7:22:10 AM8/22/16

to Jenkins Users

Hi,

I have the same problem. I use Jenkins 1.625.3, Team Foundation Server Plugin 4.0.0 to connect to TFS 2015. My jobs are running on Jenkins Slave (as a service) on Windows Server 2012 R2 using Java 1.7.0_80

Any solution to fix the error or workaround?

Regards

Reply all

Reply to author

Forward

0 new messages