How to user CLI, but ignore SSL issues
275 views
Skip to first unread message
MPechner
Oct 27, 2011, 3:43:53 PM10/27/11
to Jenkins Users
Our internal certificates are untrusted. I always have to add the
exception on the browser. So I get a failure. Is there a java option,
cli jar option or keystore method to for the certificates to be
ignored?
I exported the certificate from firefox as a der and tried importing
it to ~/.keystore as well as the cacerts file under JAVA_HOME.
Neither work.
We renew out certificates annually, so these have to be re installed
every year. So the builds will break once a year. right now I am
just evaluating jenkins to see if it is better than Parabuild.
Anyone run into this? Most everything I read assume I am an engineer
writing code, instead of a user trying to run a command.
The ports and hostnames have been changed to protect the innocent :-D
Error:
mpechner-mbp:~ michael.pechner$ java -jar jenkins-cli.jar -s
https://HIDEME.onlive.com:8888/jenkins help
Exception in thread "main" java.io.IOException: Failed to connect to
https://HIDEME.onlive.com:8888/jenkins/
at hudson.cli.CLI.getCliTcpPort(CLI.java:153)
at hudson.cli.CLI.<init>(CLI.java:94)
at hudson.cli.CLI.<init>(CLI.java:83)
at hudson.cli.CLI._main(CLI.java:267)
at hudson.cli.CLI.main(CLI.java:216)
Caused by: javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: No subject alternative DNS
name matching builda01.pao529.onlive.com found.
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:
174)
exception on the browser. So I get a failure. Is there a java option,
cli jar option or keystore method to for the certificates to be
ignored?
I exported the certificate from firefox as a der and tried importing
it to ~/.keystore as well as the cacerts file under JAVA_HOME.
Neither work.
We renew out certificates annually, so these have to be re installed
every year. So the builds will break once a year. right now I am
just evaluating jenkins to see if it is better than Parabuild.
Anyone run into this? Most everything I read assume I am an engineer
writing code, instead of a user trying to run a command.
The ports and hostnames have been changed to protect the innocent :-D
Error:
mpechner-mbp:~ michael.pechner$ java -jar jenkins-cli.jar -s
https://HIDEME.onlive.com:8888/jenkins help
Exception in thread "main" java.io.IOException: Failed to connect to
https://HIDEME.onlive.com:8888/jenkins/
at hudson.cli.CLI.getCliTcpPort(CLI.java:153)
at hudson.cli.CLI.<init>(CLI.java:94)
at hudson.cli.CLI.<init>(CLI.java:83)
at hudson.cli.CLI._main(CLI.java:267)
at hudson.cli.CLI.main(CLI.java:216)
Caused by: javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: No subject alternative DNS
name matching builda01.pao529.onlive.com found.
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:
174)
Brian Parker
Nov 4, 2011, 9:25:21 AM11/4/11
to jenkins...@googlegroups.com
If you need command line access to the API from other hosts, then I don't have a solution. We allow access to Jenkins via http when from localhost, so that we can script (from localhost).
Cheers,
Brian
Reply all
Reply to author
Forward
0 new messages