Github enterprise authentication
Cannot authenticate to corp Github account:
Error message: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Please sign in to leave a comment.
Hello Randy,
I think you get these errors because TeamCity unaware of your ssl certificate. Please import the certificate into a trustStore, to do that run the command:
keytool -import -file <path to your ssl certificate> -alias <alias for the certificate> -keystore <trustStore>
And then specify a trustStore for TeamCity, for example you can do that by changing options of TeamCity server:
TEAMCITY_SERVER_OPTS="$TEAMCITY_SERVER_OPTS -Djavax.net.ssl.trustStore=/path/to/trustStore -Djavax.net.ssl.trustStorePassword=<trustStore password>"
Let me know if it helps.
We have added the TC server to our domain. I now run the windows service as a domain user who is admin on that machine. I exported root cert from corp github account to C:\TeamCity\jre\lib\security\cacerts. I listed the certs and can see it. I added the TEAMCITY_SERVER_OPTS(TEAMCITY_SERVER_OPTS=="$TEAMCITY_SERVER_OPTS -Djavax.net.ssl.trustStore=C:/TeamCit/yjre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=xxxxx") as suggested. Restarted TC service to be sure and still doesn't work. Unexpected Error
I am ready to go back Jenkins!
This was not supposed to happen. Please provide the error details to your TeamCity server maintainer.
If you maintain this TeamCity installation please report this error to JetBrains.
Error message: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Hello Randy,
Did you specify the TEAMCITY_SERVER_OPTS property correctly? There is a misprint in the message above:
TEAMCITY_SERVER_OPTS=="$TEAMCITY_SERVER_OPTS -Djavax.net.ssl.trustStore=C:/TeamCit/yjre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=xxxxx"
Yes, it is correct in Teamcity
Are you sure that the certificate is trusted on the GitHub enterprise server? How did you specify TEAMCITY_SERVER_OPTS property? Please check that JVM parameters were passed correctly on Administration > Diagnostics > Java Configuration page in TeamCity UI.
We have the related bug to improve the error message, as reported by the user adding the certificate to keystore helps: https://youtrack.jetbrains.com/issue/TW-45708#comment=27-1469702.