Solving Jenkins SSLHandshakeException

In this tutorial we will learn how to solve the Jenkins SSL Handshake Exception which you get when you try to install new Plugins and you don’t have a valid certificate installed in your JDK

A common issue if you are tring to install Jenkins Plugins is an SSL Handshake Exception when you attempt to check the Available Plugins in Jenkins:

FATAL: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146)
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
Caused: sun.security.validator.ValidatorException: PKIX path building failed
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
	at sun.security.validator.Validator.validate(Validator.java:260)
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1488)
Caused: javax.net.ssl.SSLHandshakeException
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1506)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1512)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
	at hudson.model.DownloadService.loadJSON(DownloadService.java:167)
	at hudson.model.UpdateSite.updateDirectlyNow(UpdateSite.java:185)
	at hudson.PluginManager.doCheckUpdatesServer(PluginManager.java:1647)
	at jenkins.model.DownloadSettings$DailyCheck.execute(DownloadSettings.java:133)
	at hudson.model.AsyncPeriodicWork$1.run(AsyncPeriodicWork.java:101)
	at java.lang.Thread.run(Thread.java:745)

Why this issue happens? Well the fact is that the default update site where plugins are checked is an https connection, therefore you cannot access it without a valid certificate.

You have mainly two options to solve the issue:

1) Install an SSL Certificate for connecting to Jenkins a secure service (SSL/TLS).

See the following link to follow this approach:

https://support.cloudbees.com/hc/en-us/articles/203821254-How-to-install-a-new-SSL-certificate-

2) Another quick hack is to simply switch the default update site from https to http. Choose Manage Jenkins->Plugin Manager->Advanced

You will see the following update site default:

jenkins sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Now change it to http://updates.jenkins-ci.org/update-center.json

You are done!

Found the article helpful? if so please follow us on Socials