Jenkins安装后,安装插件报错SunCertPathBuilderException

Jenkins(2020年及以后版本)安装后,插件下载时失败,网上找了各种解决方法,修改jenkins插件的下载源地址:找到菜单Manage Jenkins → Manage Plugins  → Advanced  → Update Site,

把URL改为https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json或把默认地址https://updates.jenkins.io/update-center.json的https改为http。

我把这些方法都试了以后,下载插件还是报错,心凉凉的很。学技术的都最怕遇到环境问题,一个小环境问题可能要倒腾好几天,让人心灰意冷。嘿嘿,在我刚要选择投降放弃时,突然柳暗花明又一村,最终找到了Jenkins安装插件失败的解决方法。

1.报错图:

Jenkins安装后,安装插件报错SunCertPathBuilderException

 

报错的首行提示:sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Jenkins安装后,安装插件报错SunCertPathBuilderException

 

 报错原因:访问https的插件地址因为安全证书问题而报错。

 

2.解决方案:

1、先编译如下文件InstallCert.java
命令:javac InstallCert.java;

2. 再运行InstallCert类,命令:java InstallCert <hostname>;出现提示后按1,回车。会生成jssecacerts 文件。
   PS:hostname 为 mirrors.tuna.tsinghua.edu.cn
3、然后将生成的 jssecacerts 文件,拷贝到jdk中,目录位置:%JAVA_HOME%\jre\lib\security 
(例如D:\Program Files\Java\jdk1.8.0_71\jre\lib\security)

4.最后重新启动jenkins,证书才能生效。
文件:InstallCert.java
  1 /* 
  2  * Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved. 
  3  * 
  4  * Redistribution and use in source and binary forms, with or without 
  5  * modification, are permitted provided that the following conditions 
  6  * are met: 
  7  * 
  8  *   - Redistributions of source code must retain the above copyright 
  9  *     notice, this list of conditions and the following disclaimer. 
 10  * 
 11  *   - Redistributions in binary form must reproduce the above copyright 
 12  *     notice, this list of conditions and the following disclaimer in the 
 13  *     documentation and/or other materials provided with the distribution. 
 14  * 
 15  *   - Neither the name of Sun Microsystems nor the names of its 
 16  *     contributors may be used to endorse or promote products derived 
 17  *     from this software without specific prior written permission. 
 18  * 
 19  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS 
 20  * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 
 21  * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
 22  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR 
 23  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
 24  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 
 25  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 
 26  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 
 27  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 
 28  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
 29  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
 30  */  
 31   
 32 import java.io.BufferedReader;  
 33 import java.io.File;  
 34 import java.io.FileInputStream;  
 35 import java.io.FileOutputStream;  
 36 import java.io.InputStream;  
 37 import java.io.InputStreamReader;  
 38 import java.io.OutputStream;  
 39 import java.security.KeyStore;  
 40 import java.security.MessageDigest;  
 41 import java.security.cert.CertificateException;  
 42 import java.security.cert.X509Certificate;  
 43   
 44 import javax.net.ssl.SSLContext;  
 45 import javax.net.ssl.SSLException;  
 46 import javax.net.ssl.SSLSocket;  
 47 import javax.net.ssl.SSLSocketFactory;  
 48 import javax.net.ssl.TrustManager;  
 49 import javax.net.ssl.TrustManagerFactory;  
 50 import javax.net.ssl.X509TrustManager;  
 51   
 52 public class InstallCert {  
 53   
 54     public static void main(String[] args) throws Exception {  
 55         String host;  
 56         int port;  
 57         char[] passphrase;  
 58         if ((args.length == 1) || (args.length == 2)) {  
 59             String[] c = args[0].split(":");  
 60             host = c[0];  
 61             port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);  
 62             String p = (args.length == 1) ? "changeit" : args[1];  
 63             passphrase = p.toCharArray();  
 64         } else {  
 65             System.out  
 66                     .println("Usage: java InstallCert <host>[:port] [passphrase]");  
 67             return;  
 68         }  
 69   
 70         File file = new File("jssecacerts");  
 71         if (file.isFile() == false) {  
 72             char SEP = File.separatorChar;  
 73             File dir = new File(System.getProperty("java.home") + SEP + "lib"  
 74                     + SEP + "security");  
 75             file = new File(dir, "jssecacerts");  
 76             if (file.isFile() == false) {  
 77                 file = new File(dir, "cacerts");  
 78             }  
 79         }  
 80         System.out.println("Loading KeyStore " + file + "...");  
 81         InputStream in = new FileInputStream(file);  
 82         KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());  
 83         ks.load(in, passphrase);  
 84         in.close();  
 85   
 86         SSLContext context = SSLContext.getInstance("TLS");  
 87         TrustManagerFactory tmf = TrustManagerFactory  
 88                 .getInstance(TrustManagerFactory.getDefaultAlgorithm());  
 89         tmf.init(ks);  
 90         X509TrustManager defaultTrustManager = (X509TrustManager) tmf  
 91                 .getTrustManagers()[0];  
 92         SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);  
 93         context.init(null, new TrustManager[] { tm }, null);  
 94         SSLSocketFactory factory = context.getSocketFactory();  
 95   
 96         System.out  
 97                 .println("Opening connection to " + host + ":" + port + "...");  
 98         SSLSocket socket = (SSLSocket) factory.createSocket(host, port);  
 99         socket.setSoTimeout(10000);  
100         try {  
101             System.out.println("Starting SSL handshake...");  
102             socket.startHandshake();  
103             socket.close();  
104             System.out.println();  
105             System.out.println("No errors, certificate is already trusted");  
106         } catch (SSLException e) {  
107             System.out.println();  
108             e.printStackTrace(System.out);  
109         }  
110   
111         X509Certificate[] chain = tm.chain;  
112         if (chain == null) {  
113             System.out.println("Could not obtain server certificate chain");  
114             return;  
115         }  
116   
117         BufferedReader reader = new BufferedReader(new InputStreamReader(  
118                 System.in));  
119   
120         System.out.println();  
121         System.out.println("Server sent " + chain.length + " certificate(s):");  
122         System.out.println();  
123         MessageDigest sha1 = MessageDigest.getInstance("SHA1");  
124         MessageDigest md5 = MessageDigest.getInstance("MD5");  
125         for (int i = 0; i < chain.length; i++) {  
126             X509Certificate cert = chain[i];  
127             System.out.println(" " + (i + 1) + " Subject "  
128                     + cert.getSubjectDN());  
129             System.out.println("   Issuer  " + cert.getIssuerDN());  
130             sha1.update(cert.getEncoded());  
131             System.out.println("   sha1    " + toHexString(sha1.digest()));  
132             md5.update(cert.getEncoded());  
133             System.out.println("   md5     " + toHexString(md5.digest()));  
134             System.out.println();  
135         }  
136   
137         System.out  
138                 .println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");  
139         String line = reader.readLine().trim();  
140         int k;  
141         try {  
142             k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;  
143         } catch (NumberFormatException e) {  
144             System.out.println("KeyStore not changed");  
145             return;  
146         }  
147   
148         X509Certificate cert = chain[k];  
149         String alias = host + "-" + (k + 1);  
150         ks.setCertificateEntry(alias, cert);  
151   
152         OutputStream out = new FileOutputStream("jssecacerts");  
153         ks.store(out, passphrase);  
154         out.close();  
155   
156         System.out.println();  
157         System.out.println(cert);  
158         System.out.println();  
159         System.out  
160                 .println("Added certificate to keystore 'jssecacerts' using alias '"  
161                         + alias + "'");  
162     }  
163   
164     private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();  
165   
166     private static String toHexString(byte[] bytes) {  
167         StringBuilder sb = new StringBuilder(bytes.length * 3);  
168         for (int b : bytes) {  
169             b &= 0xff;  
170             sb.append(HEXDIGITS[b >> 4]);  
171             sb.append(HEXDIGITS[b & 15]);  
172             sb.append(' ');  
173         }  
174         return sb.toString();  
175     }  
176   
177     private static class SavingTrustManager implements X509TrustManager {  
178   
179         private final X509TrustManager tm;  
180         private X509Certificate[] chain;  
181   
182         SavingTrustManager(X509TrustManager tm) {  
183             this.tm = tm;  
184         }  
185   
186         public X509Certificate[] getAcceptedIssuers() {  
187             throw new UnsupportedOperationException();  
188         }  
189   
190         public void checkClientTrusted(X509Certificate[] chain, String authType)  
191                 throws CertificateException {  
192             throw new UnsupportedOperationException();  
193         }  
194   
195         public void checkServerTrusted(X509Certificate[] chain, String authType)  
196                 throws CertificateException {  
197             this.chain = chain;  
198             tm.checkServerTrusted(chain, authType);  
199         }  
200     }  
201   
202 }  

 

 

 

 

上一篇:JavaScript Scope Chain


下一篇:顺达主管(顺达主管)