YUM cacerts and Jenkins Upgrade - Now Git Connection Error - returned status code 128
638 views
Skip to first unread message
Jimmy Ray
Mar 4, 2015, 4:57:06 PM3/4/15
to jenkins...@googlegroups.com
One of our admins performed a YUM update on our AWS Linux Jenkins serve. CA Certs were updated as well as Jenkins. Now existing Jobs are failing and when we try to configure jobs with existing GitHub creds, we get the following errors in Jenkins:
Failed to connect to repository : Command "git ls-remote -h <SOME_GIT_REPO> HEAD" returned status code 128:
stdout:
stderr: fatal: unable to access '<SOME_GIT_REPO>': Peer's certificate issuer has been marked as not trusted by the user.
Failed to connect to repository : Command "git ls-remote -h <SOME_GIT_REPO> HEAD" returned status code 128:stdout:
stderr: fatal: unable to access '<SOME_GIT_REPO>': Peer's certificate issuer has been marked as not trusted by the user.
We have verified that the cacerts used by Java were updated via YUM. Was there a change to how Jenkins uses these certs from the Java JRE? Anyone else seen this issue?
-Jimmy
Jason Pyeron
Mar 4, 2015, 4:59:48 PM3/4/15
to jenkins...@googlegroups.com
> -----Original Message-----
> From: Jimmy Ray
> Sent: Wednesday, March 04, 2015 16:57
>
> One of our admins performed a YUM update on our AWS Linux
> Jenkins serve. CA Certs were updated as well as Jenkins.
There is a direcotry for you to put "your" cacerts, and then when yum updates the root ca certs it will merge yours and exclude you exclusions.
> From: Jimmy Ray
> Sent: Wednesday, March 04, 2015 16:57
>
> One of our admins performed a YUM update on our AWS Linux
> Jenkins serve. CA Certs were updated as well as Jenkins.
I am assuming you are on RHEL.
> Now existing Jobs are failing and when we try to configure
> jobs with existing GitHub creds, we get the following errors
> in Jenkins:
>
> Failed to connect to repository : Command "git ls-remote -h
> <SOME_GIT_REPO> HEAD" returned status code 128:
> stdout:
> stderr: fatal: unable to access '<SOME_GIT_REPO>': Peer's
> certificate issuer has been marked as not trusted by the user.
>
>
>
> We have verified that the cacerts used by Java were updated
> via YUM. Was there a change to how Jenkins uses these certs
> from the Java JRE? Anyone else seen this issue?
>
>
> -Jimmy
>
> --
> <SOME_GIT_REPO> HEAD" returned status code 128:
> stdout:
> stderr: fatal: unable to access '<SOME_GIT_REPO>': Peer's
> certificate issuer has been marked as not trusted by the user.
>
>
>
> We have verified that the cacerts used by Java were updated
> via YUM. Was there a change to how Jenkins uses these certs
> from the Java JRE? Anyone else seen this issue?
>
>
> -Jimmy
>
> You received this message because you are subscribed to the
> Google Groups "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from
> it, send an email to jenkinsci-use...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-users/5d7ef0af-e33
0-46f5-a004-aec17af36ed2%40googlegroups.com > <https://groups.google.com/d/msgid/jenkinsci-users/5d7ef0af-e3
30-46f5-a004-aec17af36ed2%40googlegroups.com?> utm_medium=email&utm_source=footer> .
> For more options, visit https://groups.google.com/d/optout.
>
>
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
- -
- Jason Pyeron PD Inc. http://www.pdinc.us -
- Principal Consultant 10 West 24th Street #100 -
- +1 (443) 269-1555 x333 Baltimore, Maryland 21218 -
- -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.
Jimmy Ray
Mar 5, 2015, 11:50:55 AM3/5/15
to jenkins...@googlegroups.com
We verified that the cacert with the correct serial number is trusted in the cacerts that is used by the Java JRE in which Jenkins run. I guess maybe it could still be in a CRL somewhere?
-Jimmy
Reply all
Reply to author
Forward
0 new messages