Home » Java » java – PKIX path building failed on Kubernetes AutoDevOps-Exceptionshub

java – PKIX path building failed on Kubernetes AutoDevOps-Exceptionshub

Posted by: admin February 25, 2020 Leave a comment

Questions:

I’m using a custom artifacotry repository on which I deploy my projects.
This is working fine when I’m working on my local machine but I’ve enable the AutoDevOps feature of Gitlab and integrate my project with a Kubernetes cluster.

The kubernetes cluster is managed by rancher.

The issue is that the build runned on Gitlab is failing with the following error:

Plugin org.apache.maven.plugins:maven-resources-plugin:2.6 or one of
its dependencies could not be resolved: Failed to read artifact
descriptor for
org.apache.maven.plugins:maven-resources-plugin:jar:2.6: Could not
transfer artifact
org.apache.maven.plugins:maven-resources-plugin:pom:2.6 from/to
adibox-snapshots
(https://artifactory.mydomain.com/artifactory/libs-snapshot): Transfer
failed for
https://artifactory.mydomain.com/artifactory/libs-snapshot/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target -> [Help 1]

If it was running on a local machine I know I could add the certificate to the java keystore by using keytool command lines. But I do not find where, in case of the AutoDevOps I could add the certificate. My best guess would be to add it on the Runner machine but I do not have any control on it as it’s managed by Gitlab.

Any help is welcome.

Thanks.

How to&Answers:

I fixed it by adding

before_script:
  - keytool -importcert -file artifactory.cer -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit -noprompt

in my .gitlab-ci.yml file.

It will add the certificate to the Gitlab-Runner.