[FIXED] Jenkins git plugin: Peer's Certificate issuer is not recognized

Issue

I am having trouble using the jenkins git plugin while trying to connect to a repo hosted via https.

Baue in Arbeitsbereich /opt/jenkins/jobs/TestJob2/workspace
 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url https://my.host.de/group/project # timeout=10
Fetching upstream changes from https://my.host.de/group/project
 > git --version # timeout=10
using GIT_ASKPASS to set credentials Jenkins at my.host.de
 > git fetch --tags --progress https://my.host.de/group/project +refs/heads/*:refs/remotes/origin/*
ERROR: Error fetching remote repo 'origin'
hudson.plugins.git.GitException: Failed to fetch from https://my.host.de/group/project
    at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:766)
    at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1022)
    at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1053)
    at hudson.scm.SCM.checkout(SCM.java:485)
    at hudson.model.AbstractProject.checkout(AbstractProject.java:1269)
    at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:607)
    at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86)
    at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:529)
    at hudson.model.Run.execute(Run.java:1738)
    at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
    at hudson.model.ResourceController.execute(ResourceController.java:98)
    at hudson.model.Executor.run(Executor.java:410)
Caused by: hudson.plugins.git.GitException: Command "git fetch --tags --progress https://my.host.de/group/project +refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout: 
stderr: fatal: unable to access 'https://my.host.de/group/project/': Peer's Certificate issuer is not recognized.

    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:1709)
    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1438)
    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$300(CliGitAPIImpl.java:63)
    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:314)
    at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:764)
    ... 11 more
ERROR: null
Finished: FAILURE

I can't use SSH. The certificate is okay, and everything looks great.

curl -Lv does not show any errors.

I can clone the repository locally ont hat machine when logging in via ssh, no error message either.

Where is the switch I have to change?

I can change this behaviour when setting the git property http.sslVerify to false for the user jenkins is running on, but this is just a workaround.

Solution

I just spent an hour investigating on such an issue.

After setting up CA I tested that on master everything worked great with custom CA being configured into the system.

It took me unfortunately some time to realize that ALL Jenkins agents need to have proper gitconfig or CA certificates installed for it to work properly.

Answered By - akostadinov
Answer Checked By - Willingham (JavaFixing Volunteer)