4

We use TeamCity 7.1.5. I updated the TeamCity Server site certificate (replaced the server.p12 file with a new one) for a new time period, and TeamCity Server lost connection with a single Agent. Agent status is Disconnected, Authorized, Enabled. With a web browser I navigated to the TeamCity site and made sure the new certificate is valid.

In the teamcity-agent.log file I see many similar messages, for example:

[2014-03-20 16:37:11,694] WARN - jetbrains.buildServer.AGENT - Ping problem: Call https://example.com/RPC2 buildServer.ping: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

How can I fix this Agent connectivity problem with the new certificate?

With the old site certificate TeamCity worked properly.

I see a difference in the details of the old and new certificates. The old certificate's signature algorithm is PKCS #1 SHA-1 With RSA Encryption. The new certificate's signature algorithm is PKCS #1 SHA-256 With RSA Encryption.

Wai Ha Lee
user3451911

1 Answer

8

I solved the same problem by adding the new cert to the default truststore of Java:

And import it into the Java default truststore:

keytool -import -trustcacerts -file <ca_file> -alias <CA_ALIAS> -keystore $JAVA_HOME/jre/lib/security/cacerts
  • [tmpFile] - name of the generated file.
  • [servers-keystore] - configured keystore of your server
  • [CA_ALIAS] - alias of the cert to identify it in the keystore
  • [ca_file] - ca_file from the website (maybe get it with Chrome export)

Check that the $JAVA_HOME path is correct; maybe replace it with an absolute path. The default password for the truststore (cacerts) is: changeit

For more information about java keytool: here

If you do not have the ca_file, check this post

For a TeamCity agent installed under Windows, use "agent_installation_path/jre" as "JAVA_HOME". Source

Community
Eruvanos
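Because anything imported into cacerts becomes a trust anchor for every HTTPS connection the agent JVM makes, the import above can be gated on a fingerprint check. The following is an added example, not code from the answer: the function names and the STOREPASS variable are hypothetical, and the expected SHA-256 fingerprint is assumed to come from the CA through a separate channel.

```shell
#!/bin/sh
# Added example: verify a CA certificate before trusting it in the JVM truststore.
# Assumes keytool is on PATH and prints its fingerprint lines in English.

# Strip colons/whitespace and uppercase, so fingerprints compare reliably.
normalize_fp() {
  printf '%s' "$1" | tr -d ': \n' | tr '[:lower:]' '[:upper:]'
}

# SHA-256 fingerprint of a certificate file, as reported by keytool.
cert_sha256() {
  keytool -printcert -file "$1" 2>/dev/null |
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# usage: import_ca <ca_file> <alias> <expected_sha256> <path to cacerts>
# returns 1 on fingerprint mismatch, 2 if the alias exists, 3 if the backup fails
import_ca() {
  ca_file="$1"; ca_alias="$2"; expected="$3"; store="$4"
  storepass="${STOREPASS:-changeit}"   # default truststore password

  actual=$(normalize_fp "$(cert_sha256 "$ca_file")")
  if [ -z "$actual" ] || [ "$actual" != "$(normalize_fp "$expected")" ]; then
    echo "fingerprint mismatch for $ca_file; not importing" >&2
    return 1
  fi

  # Refuse to overwrite or shadow an existing entry.
  if keytool -list -keystore "$store" -storepass "$storepass" \
       -alias "$ca_alias" >/dev/null 2>&1; then
    echo "alias $ca_alias already present in $store" >&2
    return 2
  fi

  # Keep a copy so the change can be rolled back.
  cp -p "$store" "$store.bak" || return 3

  keytool -importcert -noprompt -trustcacerts -file "$ca_file" \
    -alias "$ca_alias" -keystore "$store" -storepass "$storepass"
}

# Run only when called with all four arguments.
if [ "$#" -eq 4 ]; then
  import_ca "$@"
fi
```

Restart the agent after a successful import so that its JVM reloads the truststore.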