Open RRHex opened 1 year ago
Have you tried to install you custom CA certificate as a trusted certificate on your system (and on the JRE running Jenkins)?
For example, on Debian/Ubuntu systems, copy your cert (with .crt
extension) under /usr/local/share/ca-certificates
and run update-ca-certificates
(as root or with sudo). You'll need the ca-certificates
and ca-certificates-java
packages.
CentOS has a very similar system: https://unix.stackexchange.com/questions/456475/adding-a-root-certification-authority-to-a-java-application
In this instance, we're running on a Windows 10 node.
But yes, the certificate has been added to the system and the JRE running Jenkins. For the Artifactory plugin, the JRE worked, but that's not the case here.
For user installations of the JFrog CLI, certs are required to be added to the '.jfrog/security/certs' folder. In this case, the CLI install path is put in a temporary directory at runtime, so that doesn't seem to work.
@harbulot We have the same issue with our jenkins nodes running on macos.
Environment jenkins server version: 2.401.3 jfrog plugin for jenkins version: 1.5.0 osx version: Ventura 13.4 jdk version: openjdk version "11.0.20" 2023-07-18
Error
The following error was received while trying to encrypt your password: Get "<SERVER_URL>/artifactory/api/security/encryptedPassword": x509: certificate signed by unknown authority
I have added Artifactory server's internally signed certificate in the machines keychain, in the keystore of the JDK used by the jenkins node and also in ~/.jfrog/security/certs as its documented by jfrog.
When I run the jf command directly from the node's terminal I face no problem. When I run the same command from a jenkins pipeline using the plugin I get the error I copied above.
Can you please let me know if this plugin as is supports certificates signed by an internal CA ? Its interesting that for us its working fine for windows and ubuntu nodes but not for macOS. Is it a limitation that only affects macOS nodes?
Is your feature request related to a problem? Please describe.
In the normal JFrog CLI, you can use a self-signed SSL certificate for authenticating to the server by adding the cert to the '.jfrog/security/certs' folder (Documentation here)
In the old artifactory plugin, it used the 'cacerts' file from Java, where we could add our cert. Using this plugin, there is no way to specify our certificate, and we can't authenticate with our server:
The following error was received while trying to encrypt your password: Get "<SERVER_URL>/artifactory/api/security/encryptedPassword": x509: certificate signed by unknown authority
Describe the solution you'd like to see
I would like to see a configuration option for adding our self-signed certificate, or the ability to manually add it to a location on our nodes where it could be read.
Describe alternatives you've considered
No response
Additional context
No response