Build Agent can't connect

My TeamCity installation has been running without problems for months.

Now, I have changed the SSL certificate of the TeamCity server and - since then? - the Build Agent - which is running on a different machine - no longer connects to the Server.

I am getting this error:

[2016-05-10 14:24:13,745] WARN - buildServer.AGENT.registration - Failed to resolve server communication protocol. Will try all protocols: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (enable debug to see stacktrace)

 

I have tried importing the certificate into the truststore but it didn't help. I also tried to change back to the old SSL certificate, but this doesn't resolve the problem either, which I find puzzling.

I have tested the SSLPoke class (https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-779355358.html) and it successfully connects.

I am at a loss here and I am looking for help - this is a production system and this issue prevents me from shipping new versions to my clients. Any quick help is highly appreciated.

Thanks, Daniel

4 comments
Comment actions Permalink

Hi Daniel,

Sorry for delay in replying. Did you configure the JVM installation used by the agent for authentication with server certificate? Please follow the instructions from the section.

 
1
Comment actions Permalink

As you can read from the description of my problem, I did that. Also, I even reverted back to the certificate that used to work, so it shouldn't even be necessary to do this. Also, the JVM can actually connect without problems as is shown by the SSLPoke class.

0
Comment actions Permalink

I just want to double check that you follow all the steps from the proposed guidelines. I have only two options in mind:

1. Some of the parameters were not passed to the JVM or were configured incorrectly:

-Djavax.net.ssl.keyStore=<path to keystore file>
-Djavax.net.ssl.keyStorePassword=<keystore password>
-Djavax.net.ssl.trustStore=<path to trust keystore file>
-Djavax.net.ssl.trustStorePassword=<trust keystore password>

Please double check it.

2. The JVM used to start the agent is not the same as was configured. Please double check it also.

1
Comment actions Permalink

I was having the same trouble after importing the certificate.  Adding javax.net.ssl.keyStore{Password} properties to my buildAgent.properties file fixed me up.  Thanks!

0

Please sign in to leave a comment.