TeamCity integration with GitHub is failing

Hello, 

I'm having issues setting up a GitHub account on TeamCity.

When I click on the GitHub icon and I sign-in, I get the message below...

I've researched this issue already and found some posts that unfortunately didn't help.

 

I've already set up the environment variable as follows... (Global Level)

Variable Name: TEAMCITY_SERVER_OPTS

Variable Value: -Djavax.net.ssl.trustStore=C:\TeamCity\jre\lib\security\cacerts -Djavax.net.ssl.trustStorePassword=changeit

--------------

I have added these two lines to C:\ProgramData\JetBrains\TeamCity\config\internal.properties file

TEAMCITY_SERVER_OPTS="-Djavax.net.ssl.trustStore=C:\TeamCity\jre\lib\security\cacerts -Djavax.net.ssl.trustStorePassword=changeit"
-DTEAMCITY_SERVER_OPTS="-Djavax.net.ssl.trustStore=C:\TeamCity\jre\lib\security\cacerts -Djavax.net.ssl.trustStorePassword=changeit"

--------------

BUT I'm not sure if I'm adding the correct certificate to the cacerts.

The way I did it was:

  1. Log in to GitHub using Firefox
  2. Go to Security tab
  3. Then Certificates
  4. Export certificate
  5. Open cmd as admin
  6. Add these two certificates, as I'm not sure which one is the correct one

keytool -import -alias github -storepass changeit -noprompt -keystore "C:\TeamCity\jre\lib\security\cacerts" -file C:\Users\mschapa\Desktop\githubcom.crt

keytool -import -alias github1 -storepass changeit -noprompt -keystore "C:\TeamCity\jre\lib\security\cacerts" -file C:\Users\mschapa\Desktop\DigiCertHighAssuranceEVRootCA.crt

Then restart the machine.

But I keep getting the same error message as below...

Could you please help me to identify what I'm doing wrong?

Regards,

Mauro



Error message: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

TeamCity: 10.0 (build 42002)

Operating system: Windows Server 2012 R2 (6.3, x86)

Java: 1.8.0_66-b17 (Oracle Corporation)

Servlet container: Apache Tomcat/7.0.68




Trace: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
        at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
        at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
        at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
        at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
        at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:506)
        at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
        at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
        at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
        at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
        at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
        at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
        at jetbrains.buildServer.serverSide.oauth.github.GitHubAccessTokenController.doHandle(GitHubAccessTokenController.java:105)
        at jetbrains.buildServer.controllers.BaseController.handleRequestInternal(BaseController.java:75)
        at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:147)
        at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:50)
        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:961)
        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:895)
        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:967)
        at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:858)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
        at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:843)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
        at jetbrains.buildServer.maintenance.TeamCityDispatcherServlet.service(TeamCityDispatcherServlet.java:42)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at jetbrains.buildServer.web.DisableSessionIdFromUrlFilter.doFilter(DisableSessionIdFromUrlFilter.java:8)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:107)
        at jetbrains.buildServer.diagnostic.web.DiagnosticFilter.doFilter(DiagnosticFilter.java:45)
        at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112)
        at jetbrains.buildServer.web.DependencyParametersCalculationContextFilter.doFilter(DependencyParametersCalculationContextFilter.java:1)
        at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112)
        at org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:73)
        at jetbrains.buildServer.web.DelegatingFilter.doFilter(DelegatingFilter.java:2)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at jetbrains.buildServer.web.ResponseFragmentFilter.doFilter(ResponseFragmentFilter.java:23)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1757)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1716)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
        at sun.security.validator.Validator.validate(Validator.java:260)
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
        ... 62 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146)
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
        ... 68 more

Hi Mauro, and sorry for the delay.


Regarding passing the parameters, definitely that's not the correct approach. If you are using the internal.properties file, you should follow the details here:
https://confluence.jetbrains.com/display/TCD10/TeamCity+Internal+Properties

The -D bit is only when passing them as parameters to the JVM (in the command that runs the server), so you need to get rid of it from the properties file.

On the other hand, are you using github.com? Or a GitHub Enterprise? Because GitHub.com should be possible to use through HTTPS without needing to set up your own certificates. Adding your own certificates should only be needed for self-signed certificates, which might be the case for enterprise servers.


Hello Denis,

Thank you very much for your reply.

We're using GitHub.com. I made the changes you've said, but I still get the same issue.

TEAMCITY_SERVER_OPTS=javax.net.ssl.trustStore=C:\TeamCity\jre\lib\security\cacerts javax.net.ssl.trustStorePassword=changeit

 

PS: We're currently using 10.0 (build 42002)

 

Just to add more info... When I check the security on our TC page, I get the following message... Do I need my internal site to be secure?

Also, I don't have any external URL for TeamCity, do I need that?

 

Regards,

Mauro


Hi Mauro,

You should be able to connect to github.com without needing to add certificates. If you are having issues connecting via SSL without adding extra certificates, please report that particular issue.

You don't need SSL on your own TC server to be able to integrate with GitHub, nor an external URL. When adding OAuth authentication for GitHub, you will need to provide a URL, but it only has to be a URL that is reachable from the computers that are going to access your TeamCity server. The OAuth will redirect you to it from your own computer.

Regarding using a secure connection for your own page, it's up to you. We have instructions on setting that up here: https://confluence.jetbrains.com/display/TCD10/Using+HTTPS+to+access+TeamCity+server, but it's definitely not required.


Hi Denis, 

No luck so far, I got the following messages from the logs... Now we can use HTTPS on our server without any issue, but it's still not connecting to GitHub.

Could you please let me know if with the license we can get something like phone support or a remote session... Because I'm really losing hope at this point.

 

[2017-04-25 17:29:44,077]  ERROR -   jetbrains.buildServer.SERVER - Error javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target while processing request: GET '/oauth/github/accessToken.html?action=completeAuthorization&projectId=Ofs&connectionId=PROJECT_EXT_2&callbackUrl=%2Foauth%2Fgithub%2Frepositories.html%3FprojectId%3DOfs%26connectionId%3DPROJECT_EXT_2%26tokenObtained%3Dtrue%26showMode%3Dpopup&code=d95c6ccc5d557035646a&state=TmR2Msby2f7vmSqdFXXPNyIema7ZNbIe', from client :59464, authenticated as 'mauro' (Mauro) {id=6}

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
        at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
        at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
        at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
        at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
        at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:506)
        at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
        at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
        at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
        at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
        at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
        at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
        at jetbrains.buildServer.serverSide.oauth.github.GitHubAccessTokenController.doHandle(GitHubAccessTokenController.java:105)
        at jetbrains.buildServer.controllers.BaseController.handleRequestInternal(BaseController.java:75)
        at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:147)
        at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:50)
        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:961)
        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:895)
        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:967)
        at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:858)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
        at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:843)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
        at jetbrains.buildServer.maintenance.TeamCityDispatcherServlet.service(TeamCityDispatcherServlet.java:42)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at jetbrains.buildServer.web.DisableSessionIdFromUrlFilter.doFilter(DisableSessionIdFromUrlFilter.java:8)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:107)
        at jetbrains.buildServer.diagnostic.web.DiagnosticFilter.doFilter(DiagnosticFilter.java:45)
        at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112)
        at jetbrains.buildServer.web.DependencyParametersCalculationContextFilter.doFilter(DependencyParametersCalculationContextFilter.java:1)
        at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112)
        at org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:73)
        at jetbrains.buildServer.web.DelegatingFilter.doFilter(DelegatingFilter.java:2)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at jetbrains.buildServer.web.ResponseFragmentFilter.doFilter(ResponseFragmentFilter.java:23)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
        at sun.security.validator.Validator.validate(Validator.java:260)
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
        ... 61 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146)
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
        ... 67


Hi Mauro,

If you have a license, you can contact us more directly through the "Submit a request" button. This said, this issue seems rather weird. Client certificates are only needed for private servers with self-signed certificates. GitHub is a public server with a valid certificate, so it should just work unless one of the servers in your network is posing as github.com.

The next suggestion would be to upgrade to the last release of TeamCity, then don't use any custom arguments / properties during server startup. Leave the installation "as is", and then try again with the integration and see if it works or not.


Hey Denis,

So after updating this morning to the latest version, I started getting the following error message:

 

GitHub Request Error

Could not establish SSL connection with URL: https://github.com/login/oauth/access_token, error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (SSL connection error)
Connection: GitHub1 (project: OFS)

 

So I have run SSLPoke github.com 443

and after importing github certificate to cacerts by following https://github.com/escline/InstallCert

I finally got it working on the SSLPoke class.

But still no luck when using TeamCity.

And after I tried to connect using the TeamCity interface, I got this error back when running SSLPoke

java SSLPoke github.com 443
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:138)
at SSLPoke.main(SSLPoke.java:31)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 15 more

 

I've submitted a request, as per your advice, as this is already consuming too much time.

https://teamcity-support.jetbrains.com/hc/en-us/requests/971364

 

Btw... Should I remove the following from internal properties on TeamCity?

TEAMCITY_SERVER_OPTS=javax.net.ssl.keyStore=C:\TeamCity\jre\lib\security\cacerts javax.net.ssl.keyStorePassword=changeit javax.net.ssl.trustStore=C:\TeamCity\jre\lib\security\cacerts javax.net.ssl.trustStorePassword=changeit

 

Regards,

Mauro


As suggested by Denis - yes, you should remove any custom arguments, including the custom TEAMCITY_SERVER_OPTS environment variable.


I confirm that any custom trustStore (-Djavax.net.ssl.trustStore=...) is the root cause of the problem.

So if you are using a TeamCity plugin that requires some certificate (like the OpenStack plugin), remember to start from the default ($JAVA_HOME/lib/security/cacerts) or merge them!

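Added example, not part of the original thread and not JetBrains code: the last replies attribute the failure to the -Djavax.net.ssl.trustStore override, so this class (hypothetical name TrustStoreReport) compares the CAs the JVM will actually trust with those in the cacerts file bundled with the JRE. It assumes it is started with the same JVM and the same -D options as the server; the default search term "DigiCert" is taken from the root CA file name in the first post.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example: reports which CA certificates this JVM trusts for outgoing
// HTTPS, given the javax.net.ssl.trustStore option it was started with.
public class TrustStoreReport {

    // CAs accepted by the default JSSE trust manager (honours javax.net.ssl.trustStore).
    static List<X509Certificate> effectiveIssuers() throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null = use the JVM-wide default trust store
        List<X509Certificate> out = new ArrayList<X509Certificate>();
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                Collections.addAll(out, ((X509TrustManager) tm).getAcceptedIssuers());
            }
        }
        return out;
    }

    // CAs in the cacerts file shipped with this JRE, read directly from disk.
    static List<X509Certificate> bundledIssuers() throws Exception {
        File f = new File(System.getProperty("java.home"), "lib/security/cacerts");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(f)) {
            ks.load(in, null); // null password: read certificates, skip the integrity check
        }
        List<X509Certificate> out = new ArrayList<X509Certificate>();
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias) && ks.getCertificate(alias) instanceof X509Certificate) {
                out.add((X509Certificate) ks.getCertificate(alias));
            }
        }
        return out;
    }

    // Number of certificates whose subject DN contains the given text (case-insensitive).
    static int countMatching(List<X509Certificate> certs, String needle) {
        int n = 0;
        for (X509Certificate c : certs) {
            String dn = c.getSubjectX500Principal().getName().toLowerCase();
            if (dn.contains(needle.toLowerCase())) n++;
        }
        return n;
    }

    public static void main(String[] args) throws Exception {
        String needle = args.length > 0 ? args[0] : "DigiCert"; // CA name to look for
        String custom = System.getProperty("javax.net.ssl.trustStore");
        System.out.println("javax.net.ssl.trustStore = " + custom);
        if (custom != null && !new File(custom).isFile()) {
            // JSSE does not report a missing file; it silently trusts nothing.
            System.out.println("WARNING: file not found, JSSE will use an empty trust store");
        }
        List<X509Certificate> effective = effectiveIssuers();
        List<X509Certificate> bundled = bundledIssuers();
        System.out.println("effective CAs: " + effective.size() + ", matching: " + countMatching(effective, needle));
        System.out.println("bundled CAs:   " + bundled.size() + ", matching: " + countMatching(bundled, needle));
        if (effective.size() < bundled.size()) {
            System.out.println("Override trusts fewer CAs than the bundled cacerts: remove it or merge.");
        }
    }
}
```

Run it once with no options and once with the server's -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword values; an effective count of 0, or no match for the CA that signed the target site, explains a "PKIX path building failed" error.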