Artifactory https 证书信任

最新推荐文章于 2024-02-29 15:47:20 发布

富贵007

最新推荐文章于 2024-02-29 15:47:20 发布

阅读量546

点赞数

原文链接：https://editor.csdn.net/md

版权

问题：
Artifactory fails to make secure connection to a remote URL (e.g. when Test button is clicked at Admin => Repositories => your repository => Test =>Artifactory UI displays “Connection failed with exception: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target” error )

REASON: The error is caused because JAVA that Artifactory runs on does not have root certificate of the remote URL trusted on its trusted root certificate store.

RESOLUTION:

NOTE: For Artifactory High Availability, perform the following steps at all of the HA nodes,

Get remote site’s root and intermediate certificates by running openssl s_client -showcerts -connect <REMOTE_URL>:<REMOTE_PORT>

For example, openssl s_client -showcerts -connect google.com:443

Save each certificate as a file

For example,

s:/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=Entitlement Master CA/emailAddress=ca-support@redhat.com
i:/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=Entitlement Master CA/emailAddress=ca-support@redhat.com

The example above indicates that the issuer (i:) is the same as the subject (s:), which indicates that it is the root certificate.
Save the hash of the certificate (include —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– ) and save it as root.crt .

Identify which JVM that Artifactory runs on
Import root and intermediate certificates to the trusted root certificate of the JAVA found above (usually called “cacerts”) by using keytool import command. For more information, please visit https://docs.oracle.com/cd/E19830-01/819-4712/ablqw/index.html

For example,
sudo keytool -importcert -keystore /usr/local/java/jdk1.8.0_60/jre/lib/security/cacerts -storepass changeit -file ~/Downloads/RHEL-cert/root.crt -alias “rhel-root”

Verify the change at Admin => Repositories => your remote repository => Test => If it still fails then you may need to restart Artifactory for the change to take effect