In this tutorial we will learn how to solve the Jenkins SSL Handshake Exception which you get when you try to install new Plugins and you don't have a valid certificate installed in your JDK

A common issue if you are tring to install Jenkins Plugins is an SSL Handshake Exception when you attempt to check the Available Plugins in Jenkins:

FATAL: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146)
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
Caused: sun.security.validator.ValidatorException: PKIX path building failed
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
	at sun.security.validator.Validator.validate(Validator.java:260)
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1488)
Caused: javax.net.ssl.SSLHandshakeException
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1506)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1512)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
	at hudson.model.DownloadService.loadJSON(DownloadService.java:167)
	at hudson.model.UpdateSite.updateDirectlyNow(UpdateSite.java:185)
	at hudson.PluginManager.doCheckUpdatesServer(PluginManager.java:1647)
	at jenkins.model.DownloadSettings$DailyCheck.execute(DownloadSettings.java:133)
	at hudson.model.AsyncPeriodicWork$1.run(AsyncPeriodicWork.java:101)
	at java.lang.Thread.run(Thread.java:745)

Why this issue happens? Well the fact is that the default update site where plugins are checked is an https connection, therefore you cannot access it without a valid certificate.

You have mainly two options to solve the issue:

1) Install an SSL Certificate for connecting to Jenkins a secure service (SSL/TLS).

See the following link to follow this approach:

https://support.cloudbees.com/hc/en-us/articles/203821254-How-to-install-a-new-SSL-certificate-

2) Another quick hack is to simply switch the default update site from https to http. Choose Manage Jenkins->Plugin Manager->Advanced

You will see the following update site default:

jenkins sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Now change it to http://updates.jenkins-ci.org/update-center.json

You are done!

0
0
0
s2smodern