I have secured an SVN repository with SSL, so that only via https: / / server / svn / repo could be accessed. For this I include the SSL certificate itself is created and installed in Apache. This was (as always) straightforward and works well.
The developers and testers only had the first call to the new SVN URL confirm the certificate. (Because it was self-generated, it was the default being not to be safe.) Then was the standard work possible again.
The surprise came when the nightly build failed. He reported in [undeploy] Target:
[undeploy] sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target The message is not very user friendly. But obviously there was a problem with the certificate. This error message can be found on Google a lot of ways to fix it. They relate to but generally the use by Tomcat, not to use the catalina ant.jar.
What do you have to fix it within the ant build?
first Check which version of Java is used for the build: It sounds as if that would be granted. But if multiple Java versions on the build server installed, you must exactly the kind of find that is actually used.
second The certificate shall provide that should be used: It is the Apache server (eg,
/ etc/apache2/ssl.crt/beispiel.crt ) and must be copied if necessary to the build server. third Charging with the keytool certificate in a trusted certificate store:
> keytool-keystore / path / to / java / jre / lib / security / my-certs-import-alias-file mein.server.de beispiel.crt-trustcacerts 4th The environment variable
ANT_OPTS share: Before calling ant , the environment variable ANT_OPTS be set so that the new certificate store is used. For example, this:
...
export ANT_OPTS = "Djavax.net.ssl.trustStore = / path / to / java / jre / lib / security / my-certs"
..
ant-f build.xml-
my ...
5th Build start: This should work now.
0 comments:
Post a Comment