Configuring Artifacts Storage for custom S3 Storage
Hi,
We have a NAS system that we would like to use as Artifacts storage, which provides an S3 compatible interface to use it. However, when configuring the Artifacts storage as "S3 Storage" for our service, I have not been able to make it work yet.
Please not that this is not an AWS S3 Storage, but a compatible one provided by our TrueNAS appliance: https://www.truenas.com/docs/core/coretutorials/services/configurings3/
Our S3 service can be used and is accessible from other S3 compatible clients, but for some reason we have not been able to make it work yet with TeamCity, and doing it would make the system usage very, very good.
What follows is a picture of our configuration, please help us get this working. Please note in particular the error message is giving us on that configuration interface:
Failed to process 'buckets' request: Unable to execute HTTP request: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Thanks!
Please sign in to leave a comment.
Hi,
The error you are facing seems related to the SSL certificate from your storage not being recognized as valid:
If you have already added SSL certificates to your TeamCity server, perhaps you need it to check on the side of TrueNAS?
I’ve encountered the same problem.
Here’s what solved it for me when configuring a custom S3-compatible storage (Ceph):
Add the certificate in TeamCity UI
Administration → Projects → Root project → Security → SSL / HTTPS Certificates → Upload certificate
This allows TeamCity to properly validate and connect to your custom S3 endpoint.
Configure your S3 Artifact Storage in Teamcity UI
Administration → Projects → Root project → Artifact Storage → Add new storage
Type: Custom S3
Force virtual host addressing: disabled
Add the certificate to the Java truststore used by the TeamCity agent
TeamCity agents rely on the Java truststore, not the system one, when uploading artifacts.
Import the full certificate chain (domain + intermediate + root) using PowerShell:
& "C:\BuildAgent\jre\bin\keytool.exe" `-importcert -trustcacerts `-alias "mycert_2025" `-file "C:\tmp\mycert_2025_fullchain.pem" `-keystore "C:\BuildAgent\jre\lib\security\cacerts" `-storepass changeitAfter this step, the S3-compatible storage can be added successfully.