The certificate that xmission uses has been revoked. probably something to make the infra hosting team aware so they can (temporaily) remove the mirror from the pool
/James On Thursday, July 4, 2024 at 7:42:21 AM UTC+1 [email protected] wrote: > Hi, > > I have newly provisioned latest jenkins on one of the RHEL-9 based linux > machine > > *Machine details:* > > NAME="Red Hat Enterprise Linux" > VERSION="9.4 (Plow)" > ID="rhel" > ID_LIKE="fedora" > VERSION_ID="9.4" > > > Java--- > *openjdk version "11.0.23" 2024-04-16 LTS* > OpenJDK Runtime Environment (Red_Hat-11.0.23.0.9-2) (build > 11.0.23+9-LTS) > OpenJDK 64-Bit Server VM (Red_Hat-11.0.23.0.9-2) (build > 11.0.23+9-LTS, mixed mode, sharing) > > while i am trying to install plugins on update centre getting below error > > > [image: image.png] > > and when i click on details this is what i see > > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target > at > java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:148) > at > java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:129) > at > java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) > at > java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) > Caused: sun.security.validator.ValidatorException: PKIX path building failed > at > java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) > at > java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) > at > java.base/sun.security.validator.Validator.validate(Validator.java:264) > at > java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313) > at > java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222) > at > java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129) > at > java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1341) > Caused: javax.net.ssl.SSLHandshakeException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target > at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) > at > java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:360) > at > java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:303) > at > java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:298) > at > java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) > at > java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) > at > java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) > at > java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392) > at > java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443) > at > java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421) > at > java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:183) > at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172) > at > java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1511) > at > java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421) > at > java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:456) > at > java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:427) > at > java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:580) > at > java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:201) > at > java.base/sun.net.www.protocol.http.HttpURLConnection.followRedirect0(HttpURLConnection.java:2837) > at > java.base/sun.net.www.protocol.http.HttpURLConnection.followRedirect(HttpURLConnection.java:2749) > at > java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1876) > at > java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1542) > at > java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:250) > at > hudson.model.UpdateCenter$UpdateCenterConfiguration.download(UpdateCenter.java:1323) > Caused: java.io.IOException: Failed to load > https://updates.jenkins.io/download/plugins/structs/338.v848422169819/structs.hpi > to /var/lib/jenkins/plugins/structs.jpi.tmp > at > hudson.model.UpdateCenter$UpdateCenterConfiguration.download(UpdateCenter.java:1334) > Caused: java.io.IOException: Failed to download from > https://updates.jenkins.io/download/plugins/structs/338.v848422169819/structs.hpi > (redirected to: > https://mirror.xmission.com/jenkins/plugins/structs/338.v848422169819/structs.hpi) > at > hudson.model.UpdateCenter$UpdateCenterConfiguration.download(UpdateCenter.java:1368) > at hudson.model.UpdateCenter$DownloadJob._run(UpdateCenter.java:1925) > at > hudson.model.UpdateCenter$InstallationJob._run(UpdateCenter.java:2237) > at hudson.model.UpdateCenter$DownloadJob.run(UpdateCenter.java:1899) > at > java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) > at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) > at > hudson.remoting.AtmostOneThreadExecutor$Worker.run(AtmostOneThreadExecutor.java:121) > at java.base/java.lang.Thread.run(Thread.java:829) > > > *i tried to download the openssl cert and updated the keystore as below* > > > - echo -n | openssl s_client -connect mirror.xmission.com:443 | sed -ne > '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > mirror-xmission-cert.pem > - sudo keytool -import -alias mirror-xmission -file > mirror-xmission-cert.pem -keystore > /etc/java/java-11-openjdk/java-11-openjdk-11.0.23.0.9-3.el9.x86_64/lib/security/cacerts > > but even after restart it's the same issue so could anyone please help me out > on the issue. > > > > Thanks And Regards, > Kottisa Sai Bhargav. > > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/cbcb7b12-ae13-49a6-8a89-963123661bc3n%40googlegroups.com.
