【jenkins】不能下载插件报错...certpath.SunCertPathBuilderException: unable to find valid certification path解决

现象:

安装jenkins后下载插件报错日志如下:

sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
Caused: sun.security.validator.ValidatorException: PKIX path building failed
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
        at sun.security.validator.Validator.validate(Validator.java:260)
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1351)
Caused: javax.net.ssl.SSLHandshakeException
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1917)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:301)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:295)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1369)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:156)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:925)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:860)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1043)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1343)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1371)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)

原因:

默认证书有问题 

解决:

1.更新站点

https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json

 2.进入jenkins站点更新目录修改默认json配置

 cd /var/lib/jenkins/updates/

全局替换default.json里面的下载插件地址:

sed -i 's/http:\/\/updates.jenkins-ci.org\/download/https:\/\/mirrors.tuna.tsinghua.edu.cn\/jenkins/g' default.json 

sed -i 's/http:\/\/www.google.com/https:\/\/www.baidu.com/g' default.json 

3.查找证书路径:

find / -type f -name cacerts

找到了上面的地址: /etc/pki/ca-trust/extracted/java/cacerts

4.修改jenkins配置文件

 vi /etc/sysconfig/jenkins

JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true -Djavax.net.ssl.trustStore=/etc/pki/ca-trust/extracted/java/cacerts"

 5.重启jenkins生效

 systemctl restart jenkins

参考链接: https://www.cnblogs.com/tanghu/p/12869658.html

GitHub - escline/InstallCert: Java program to retrieve server certificate that can be added to local keystore