在新机器上安装jenkins后,安装插件报如下错误
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) Caused: sun.security.validator.ValidatorException: PKIX path building failed at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) at sun.security.validator.Validator.validate(Validator.java:260) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491) Caused: javax.net.ssl.SSLHandshakeException at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254) at hudson.model.DownloadService.loadJSON(DownloadService.java:167) at hudson.model.UpdateSite.updateDirectlyNow(UpdateSite.java:190) at hudson.PluginManager.doCheckUpdatesServer(PluginManager.java:1633) at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627) at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343) at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:52) at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117) at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:129) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845) at org.kohsuke.stapler.MetaClass$2.doDispatch(MetaClass.java:186) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649) at org.kohsuke.stapler.Stapler.service(Stapler.java:238) at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:135) at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:138) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:85) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:619) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:651) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:417) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:754) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1376) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745)
第一次遇到这种问题,百度了下找到如下解决方案
原方案地址:
http://blog.csdn.net/faye0412/article/details/6883879
简要摘录如下
新建一个java文件,代码如下
1 /* 2 * Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 8 * - Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 11 * - Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * - Neither the name of Sun Microsystems nor the names of its 16 * contributors may be used to endorse or promote products derived 17 * from this software without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS 20 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 27 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 28 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 29 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 import java.io.BufferedReader; 33 import java.io.File; 34 import java.io.FileInputStream; 35 import java.io.FileOutputStream; 36 import java.io.InputStream; 37 import java.io.InputStreamReader; 38 import java.io.OutputStream; 39 import java.security.KeyStore; 40 import java.security.MessageDigest; 41 import java.security.cert.CertificateException; 42 import java.security.cert.X509Certificate; 43 44 import javax.net.ssl.SSLContext; 45 import javax.net.ssl.SSLException; 46 import javax.net.ssl.SSLSocket; 47 import javax.net.ssl.SSLSocketFactory; 48 import javax.net.ssl.TrustManager; 49 import javax.net.ssl.TrustManagerFactory; 50 import javax.net.ssl.X509TrustManager; 51 52 public class InstallCert { 53 54 public static void main(String[] args) throws Exception { 55 String host; 56 int port; 57 char[] passphrase; 58 if ((args.length == 1) || (args.length == 2)) { 59 String[] c = args[0].split(":"); 60 host = c[0]; 61 port = (c.length == 1) ? 443 : Integer.parseInt(c[1]); 62 String p = (args.length == 1) ? "changeit" : args[1]; 63 passphrase = p.toCharArray(); 64 } else { 65 System.out 66 .println("Usage: java InstallCert <host>[:port] [passphrase]"); 67 return; 68 } 69 70 File file = new File("jssecacerts"); 71 if (file.isFile() == false) { 72 char SEP = File.separatorChar; 73 File dir = new File(System.getProperty("java.home") + SEP + "lib" 74 + SEP + "security"); 75 file = new File(dir, "jssecacerts"); 76 if (file.isFile() == false) { 77 file = new File(dir, "cacerts"); 78 } 79 } 80 System.out.println("Loading KeyStore " + file + "..."); 81 InputStream in = new FileInputStream(file); 82 KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); 83 ks.load(in, passphrase); 84 in.close(); 85 86 SSLContext context = SSLContext.getInstance("TLS"); 87 TrustManagerFactory tmf = TrustManagerFactory 88 .getInstance(TrustManagerFactory.getDefaultAlgorithm()); 89 tmf.init(ks); 90 X509TrustManager defaultTrustManager = (X509TrustManager) tmf 91 .getTrustManagers()[0]; 92 SavingTrustManager tm = new SavingTrustManager(defaultTrustManager); 93 context.init(null, new TrustManager[] { tm }, null); 94 SSLSocketFactory factory = context.getSocketFactory(); 95 96 System.out 97 .println("Opening connection to " + host + ":" + port + "..."); 98 SSLSocket socket = (SSLSocket) factory.createSocket(host, port); 99 socket.setSoTimeout(10000); 100 try { 101 System.out.println("Starting SSL handshake..."); 102 socket.startHandshake(); 103 socket.close(); 104 System.out.println(); 105 System.out.println("No errors, certificate is already trusted"); 106 } catch (SSLException e) { 107 System.out.println(); 108 e.printStackTrace(System.out); 109 } 110 111 X509Certificate[] chain = tm.chain; 112 if (chain == null) { 113 System.out.println("Could not obtain server certificate chain"); 114 return; 115 } 116 117 BufferedReader reader = new BufferedReader(new InputStreamReader( 118 System.in)); 119 120 System.out.println(); 121 System.out.println("Server sent " + chain.length + " certificate(s):"); 122 System.out.println(); 123 MessageDigest sha1 = MessageDigest.getInstance("SHA1"); 124 MessageDigest md5 = MessageDigest.getInstance("MD5"); 125 for (int i = 0; i < chain.length; i++) { 126 X509Certificate cert = chain[i]; 127 System.out.println(" " + (i + 1) + " Subject " 128 + cert.getSubjectDN()); 129 System.out.println(" Issuer " + cert.getIssuerDN()); 130 sha1.update(cert.getEncoded()); 131 System.out.println(" sha1 " + toHexString(sha1.digest())); 132 md5.update(cert.getEncoded()); 133 System.out.println(" md5 " + toHexString(md5.digest())); 134 System.out.println(); 135 } 136 137 System.out 138 .println("Enter certificate to add to trusted keystore or 'q' to quit: [1]"); 139 String line = reader.readLine().trim(); 140 int k; 141 try { 142 k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1; 143 } catch (NumberFormatException e) { 144 System.out.println("KeyStore not changed"); 145 return; 146 } 147 148 X509Certificate cert = chain[k]; 149 String alias = host + "-" + (k + 1); 150 ks.setCertificateEntry(alias, cert); 151 152 OutputStream out = new FileOutputStream("jssecacerts"); 153 ks.store(out, passphrase); 154 out.close(); 155 156 System.out.println(); 157 System.out.println(cert); 158 System.out.println(); 159 System.out 160 .println("Added certificate to keystore 'jssecacerts' using alias '" 161 + alias + "'"); 162 } 163 164 private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray(); 165 166 private static String toHexString(byte[] bytes) { 167 StringBuilder sb = new StringBuilder(bytes.length * 3); 168 for (int b : bytes) { 169 b &= 0xff; 170 sb.append(HEXDIGITS[b >> 4]); 171 sb.append(HEXDIGITS[b & 15]); 172 sb.append(' '); 173 } 174 return sb.toString(); 175 } 176 177 private static class SavingTrustManager implements X509TrustManager { 178 179 private final X509TrustManager tm; 180 private X509Certificate[] chain; 181 182 SavingTrustManager(X509TrustManager tm) { 183 this.tm = tm; 184 } 185 186 public X509Certificate[] getAcceptedIssuers() { 187 throw new UnsupportedOperationException(); 188 } 189 190 public void checkClientTrusted(X509Certificate[] chain, String authType) 191 throws CertificateException { 192 throw new UnsupportedOperationException(); 193 } 194 195 public void checkServerTrusted(X509Certificate[] chain, String authType) 196 throws CertificateException { 197 this.chain = chain; 198 tm.checkServerTrusted(chain, authType); 199 } 200 } 201 202 }
编译InstallCert.java,然后执行:java InstallCert updates.jenkins.io
将证书jssecacerts拷贝到$JAVA_HOME/jre/lib/security目录下,重启tomcat即可