Issue
I was successfully able to install Jenkins using the latest official image https://hub.docker.com/r/jenkins/jenkins and added the https://repo.jenkins-ci.org, https://updates.jenkins-ci.org/, https://updates.jenkins.io/, https://www.jenkins.io/ SSL Certificates to cacerts of jenkins and jdk and provided the cacerts path to JAVA_OPTS but I still get the below exception
hudson.PluginManager#doCheckUpdatesServer: Error checking update sites for 1 attempt(s). Last exception was: SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Below is my compose file
version: '3.7'
services:
jenkins:
image: jenkins/jenkins:lts-jdk11
privileged: true
user: root
environment:
JAVA_OPTS: -Djavax.net.ssl.trustStore=/var/jenkins_home/keystore/cacerts -Dhudson.model.UpdateCenter.pluginDownloadReadTimeoutSeconds=120
ports:
- 8080:8080
- 50000:50000
volumes:
- jenkins_home:/var/jenkins_home
volumes:
jenkins_home:
Certificates added to cacerts
root@**************:/# keytool -list -v -keystore $JENKINS_HOME/keystore/cacerts | grep jenkins
Enter keystore password: **************
Alias name: https://repo.jenkins-ci.org
Owner: CN=repo.jenkins-ci.org
DNSName: repo.jenkins-ci.org
Alias name: https://updates.jenkins-ci.org/
Owner: CN=updates.jenkins-ci.org
DNSName: updates.jenkins-ci.org
Alias name: https://updates.jenkins.io/
Owner: CN=updates.jenkins.io
DNSName: updates.jenkins.io
Alias name: https://www.jenkins.io/
Owner: CN=jenkins.io
DNSName: jenkins.io
root@**************:/#
Where am I going wrong?
Solution
The error message says that the TLS client cannot find a path from the X.509 certificate presented by the server during TLS handshake to any of the X.509 certificates in the truststore. Either you are missing something there, or you are not using the truststore you think you are using. You can check which truststore is used with -Djavax.net.debug=ssl,handshake.
Answered By - automatictester
