Jenkins GitLab Oauth via https

I had previously configured our Jenkins to use our GitLab server, at  http://git.mycompany.com, for authenticating users, using About GitLab Authentication Plugin.

My company has recently moved the GitLab server connection to https.
I had to edit the config.xml file and change the value of gitlabWebUri and gitlabApiUri to https.
Agter which, jenkins would always print a stacktrace at startup, and I would remain locked-out:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
....
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
....
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

It looks like java was not able to validate the certificate presented by our gitlab server. I found the solution in this blog post.

What I did was the following:

    • stop jenkins
    • save the cerificate used by our gitlab in a file

keytool -printcert -rfc -sslserver git.mycompany.com > mycert.pem

    • import the certificate

keytool -importcert -file ./mycert.pem -keystore /usr/java/jdk1.7.0_67/jre/lib/security/cacerts

    • start jenkins

That’s it, it did the trick.

Advertisements
This entry was posted in java, linux, testing. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s