Following the docs to use Java Web Start and I'm up to the point where I'm running this command on the agent to connect to the controller:
java -jar agent.jar -jnlpUrl https://my-server.com:8888/computer/myslave/slave-agent.jnlp -secret sdfsdfsdfsdf -workDir "c:\Jenkins"
I have a valid public cert. From the slave I can access https://my-server.com:8888 and chrome says the cert is valid so why is Jenkins complaining? Seems dumb to use -noCertificateCheck when I paid good money for the damn thing
Mar 28, 2018 9:34:49 PM org.jenkinsci.remoting.engine.WorkDirManager initializeWorkDir INFO: Using c:\Jenkins\remoting as a remoting work directory Both error and output logs will be printed to c:\Jenkins\remoting Exception in thread "main" java.io.IOException: Failed to validate a server certificate. If you are using a self-signed certificate, you can use the -noCertificateCheck option to bypass this check. at hudson.remoting.Launcher.parseJnlpArguments(Launcher.java:548) at hudson.remoting.Launcher.run(Launcher.java:322) at hudson.remoting.Launcher.main(Launcher.java:283) Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid c ertification path to requested target at sun.security.ssl.Alerts.getSSLException(Unknown Source) at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) at sun.security.ssl.Handshaker.fatalSE(Unknown Source) at sun.security.ssl.Handshaker.fatalSE(Unknown Source) at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) at sun.security.ssl.Handshaker.processLoop(Unknown Source) at sun.security.ssl.Handshaker.process_record(Unknown Source) at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source) at hudson.remoting.Launcher.parseJnlpArguments(Launcher.java:490) ... 2 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(Unknown Source) at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) at sun.security.validator.Validator.validate(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) ... 14 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source) at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) at java.security.cert.CertPathBuilder.build(Unknown Source) ... 20 more
EDIT:
So I can't connect at all. If I use -noCertificateCheck I get Incorrect acknowledgement sequence Im assuming because Im using HTTPS without validating the cert
my issue was i needed to import the entire cert chain into the java keystore
browsers like chrome will follow aia extensions and download the chain for you but the java keystore wants to make your life hard.