Closed jmarandet closed 6 years ago
I have the same problem with a thawte certificate.
Hi, I was working on this topic with @jmarandet and we found that adding our PKI to the OS proxy permited the plugin to reach jenkins properly. I don't remember the correct terms but here is what I think happens :
Of course adding our own PKI onto our proxy is not a bad idea. Anyway I think the plugin (or vscode ? I'm not an expert) should not use that dummy "make that request for me plz" way of using a proxy but rather the "open that connection for me plz".
I'm only guessing here, I can't get into the code, it's just a hint, good luck.
This page helped me : https://www.npmjs.com/package/ssl-root-cas And particularly : Common Errors CERT_UNTRUSTED - the common root CAs are missing, this module fixes that. UNABLE_TO_VERIFY_LEAF_SIGNATURE could be either the same as the above, or the below unable to verify the first certificate - the intermediate certificate wasn't bundled along with the server certificate, you'll need to fix that
Reading this, I thought that maybe a root CA (our PKI in my case) was missing somewhere. Knowing it was good on my computer, I thought of the proxy.
@tomuta : maybe you should check if any root certificate update on your proxy is possible ?
Hi,
First of all, sorry for taking so long to appear. I had other priorities at the moment, and didn't have the time to give attention to this 😢 .
I would like to know if @Miminoux answer has helped @jmarandet and @tomuta. If not, what do you think I could add to the extension to fix the issue.
I'm not an auth/cert expert, and I use Jenkins only in basic auth (username/password) scenarios, so any help in making this more complex scenario would be greate.
Thanks
@alefragnani . Yes, @Miminoux 's answer solved my issue.
Hi,
I have a .jenkins file specifying the url, username and token of my project. But when I launch "Jenkins: Update status" command the control bar shows the following warning
The Jenkins site certificate was issued by a self-signed corporate PKI, and added to the OS. Every web client on my computer works fine with it, the authority is registered. For example I can see that Chrome shows a green lock, so the authority is correctly recognized.
I have tried the following :
Without any success. Do you have any suggestion ?