All geek questions in one place

Jenkins Git Integration - How to Disable SSL Certificate Validation

I get the error below when creating a job from Jenkins. How to disable certificate verification in Jenkins?

From Git Bash I can use the git config --global http.sslVerify false to disable it, but I don’t know how to use it with Jenkins.

Error:

 Failed to connect to repository : Command "C:\Program Files (x86)\Git\cmd\git.exe ls-remote -h url ofmy repository.git HEAD" returned status code 128: stdout: stderr: fatal: unable to access 'url of my git/': SSL certificate problem: self signed certificate in certificate chain
+10
source share
6 answers

The best option is to add a self-signed certificate to the certificate store

Get server certificate tree This can be done using chrome.

  • Go to the server. Click on the lock icon and view the certificates. Export the entire certificate chain to a base64 (PEM) encoded file format.

  • Add certificates to the trust chain of your GIT trust configuration file In GIT bash on the machine on which the job is running, do the following:

"git config --list".

find the http.sslcainfo configuration that shows where the certificate trust file is located. 3. Copy all certificates to the trust chain file, including "- -BEGIN- -" and "- -END- -" . Make sure you add the ROOT certificate chain to the certificate file

This should solve your problem with self-signed certificates and with GIT.

NOT RECOMMENDED

Another way is to remotely access your slave and run the following:

git config --global http.ssl

This will save in the global configuration that this instance never checks SSL, this is NOT recommended, it should only be used for testing, and then turn it off again. This must be done correctly as described above.

+15
source

You can use JGit and you can fix this by creating a .gitconfig file in JENKINS_HOME with these lines:

 [http] sslVerify = false
+2
source

Create a Freestyle project, add the “Windows Batch Command” and add

git config http.sslVerify false or git config --config http.sslVerify false

Once this is done, save it and build work

Now your Jenkin is configured to not do SSL verification. After a successful build, you can now remove the build step of the batch command and edit the same project for your configuration.

+2
source

in addition, i'm stuck on this for hours, here is what i found for SSL related

add

 -Dorg.jenkinsci.plugins.getclient.GitClient.untrustedSSL=true

as a java jnlp command parameter,

and set GIT_SSL_NO_VERIFY = true as an environment variable, so the slave start command on the slave side now looks (not sure if some parameters are duplicated)

 export GIT_SSL_NO_VERIFY=true java -Dorg.jenkinsci.plugins.getclient.GitClient.untrustedSSL=true -jar slave.jar -jnlpUrl ${jenkins_url}/computer/${slave_name}/slave-agent.jnlp -secret ${secret} -noCertificateCheck

you may need the same

 -noCertificateCheck

when trying to call jenkins-cli.jar

(before https://blog.csdn.net/froghui/article/details/39641221 )

since every time jenkins slavery triggered a git operation, this is a pure env processed by jenkins git plugin

+1
source

I had the same problem. At first I used Git using the Script shell, which disabled SSL checking before the clone or pulled.

Later, I switched to using JGit instead, which works as expected (although it is not recommended to be used). However, with JGit, some features, such as small clones, are not supported.

Afair I didn't need to install anything to use JGit

0
source

Log in or switch to jenkins user; to switch, run this command on the terminal:

 su - jenkins

And then run

 git config --global http.sslVerify false
0
source

Source: https://habr.com/ru/post/1014545/

More articles:


All Articles