Jenkins Slave service StartSSL certificate issues


Marius Gedminas

Nov 23, 2013, 8:55:44 AM
to jenkins...@googlegroups.com
I'm trying to set up a Jenkins slave on Windows 2012. I can launch the
slave agent using Java Web Start fine, but it fails to work when
installed as a service.

The problem shows up in c:\buildslave\jenkins-slave.err.log:

Failed to validate a server certificate. If you are using a
self-signed certificate, you can use the -noCertificateCheck option to
bypass this check.
-- full log at https://dpaste.de/dMtE

This is probably caused by Oracle not shipping StartSSL CA certs. So
what I did was launch the Java control panel, find the certificates, and
install the StartSSL ones as user certificates (all five of them, twice:
once in the "Signer CA" list, and once in the "Secure Site CA" list).

This had one effect: when I use Java Web Start, it no longer shows an SSL
certificate trust dialog. Unfortunately it didn't affect the service.

I tried changing the service to run as my user account.

I tried running the script from https://github.com/haron/startssl-java
in case my manual SSL cert installation procedure was wrong.

Nothing worked.

Help?

Marius Gedminas
--
I can barely exit nano.
-- Christian Neukirchen

Marius Gedminas

Dec 5, 2013, 3:25:36 AM
to jenkins...@googlegroups.com
On Sat, Nov 23, 2013 at 03:55:44PM +0200, Marius Gedminas wrote:
> I'm trying to set up a Jenkins slave on Windows 2012. I can launch the
> slave agent using Java Web Start fine, but it fails to work when
> installed as a service.
>
> The problem shows up in c:\buildslave\jenkins-slave.err.log:
>
> Failed to validate a server certificate. If you are using a
> self-signed certificate, you can use the -noCertificateCheck option to
> bypass this check.
> -- full log at https://dpaste.de/dMtE
>
> This is probably caused by Oracle not shipping StartSSL CA certs.
...
> I tried running the script from https://github.com/haron/startssl-java
> in case my manual SSL cert installation procedure was wrong.
>
> Nothing worked.

Turns out the script from the startssl-java repository looked for the
system CA cert keystore in the wrong place. Once I fixed it and ran it
again (protip: don't run ./run.bat from Git Bash, it'll get interpreted
as a Bourne shell script, and fail to work), my Jenkins service startup
problem went away.

https://github.com/haron/startssl-java/pull/1

Marius Gedminas
--
Two Ineluctable Facts of Project Planning:

1. If you don’t know what you’re going to build, you can’t know how long it
will take to build it.

2. You only really know what you’re going to build when you finish it.
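
The fix reported in the reply above was getting the CA certificate into the system CA cert keystore of the Java install the service runs on. As an added example (not from the thread or the startssl-java repository), this PowerShell script locates that keystore from the service's java.exe, checks the certificate file against a fingerprint you supply, and imports it with keytool; the parameter names, the alias and the `changeit` default password are assumptions.

```powershell
# Added example. Parameter names, the alias and the fingerprint input are assumptions.
param(
    [Parameter(Mandatory=$true)] [string] $JavaExe,        # java.exe the service actually launches
    [Parameter(Mandatory=$true)] [string] $CaCertFile,     # CA certificate file (PEM or DER)
    [Parameter(Mandatory=$true)] [string] $ExpectedSha256, # fingerprint obtained from the CA out of band
    [string] $Alias = 'example-root-ca',                   # hypothetical keystore alias
    [string] $StorePass = 'changeit'                       # stock cacerts password; pass yours if changed
)

# java.exe sits in <java.home>\bin, or in <jdk>\bin with the runtime under <jdk>\jre.
$javaHome = Split-Path (Split-Path (Resolve-Path $JavaExe).Path -Parent) -Parent
$cacerts = @('lib\security\cacerts', 'jre\lib\security\cacerts') |
    ForEach-Object { Join-Path $javaHome $_ } |
    Where-Object { Test-Path $_ } |
    Select-Object -First 1
if (-not $cacerts) {
    # Typical when $JavaExe is a launcher copy outside the real Java install directory.
    throw "No cacerts keystore found under '$javaHome'"
}
$keytool = Join-Path $javaHome 'bin\keytool.exe'

# Refuse to trust a CA file whose SHA-256 fingerprint does not match the expected one.
$certPath = (Resolve-Path $CaCertFile).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certPath
$hash = [System.Security.Cryptography.SHA256]::Create().ComputeHash($cert.RawData)
$actual = [System.BitConverter]::ToString($hash) -replace '-', ''
$expected = $ExpectedSha256 -replace '[^0-9A-Fa-f]', ''
if ($actual -ne $expected) { throw "Fingerprint mismatch: file has $actual" }

# keytool exits non-zero when the alias is not in the keystore.
& $keytool -list -keystore $cacerts -storepass $StorePass -alias $Alias *> $null
if ($LASTEXITCODE -eq 0) {
    "Alias '$Alias' is already in $cacerts"
    return
}

& $keytool -importcert -noprompt -trustcacerts -alias $Alias -file $certPath `
    -keystore $cacerts -storepass $StorePass
if ($LASTEXITCODE -ne 0) { throw "keytool import failed; run from an elevated prompt" }
"Imported into $cacerts; restart the service so the JVM rereads the keystore"
```

Importing the CA this way keeps certificate validation on, unlike the -noCertificateCheck option named in the error message.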