Unable to clone private github repo

We are using private Github installation, and self signed certificates. When I try to clone git repo from the github I receive an exception:

Test VCS connection failed.
List remote refs failed: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

Here is a stack trace from the log file:

[2015-01-16 11:50:01,985]   WARN - tion.TestConnectionServiceImpl - TestConnection failed for ____test_connection_workspace_id____1421437801949:a: List remote refs failed: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
jetbrains.buildServer.vcs.VcsException: List remote refs failed: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at jetbrains.buildServer.buildTriggers.vcs.git.OperationContext.wrapException(OperationContext.java:158)
 at jetbrains.buildServer.buildTriggers.vcs.git.GitVcsSupport.getRemoteRefs(GitVcsSupport.java:341)
 at jetbrains.buildServer.buildTriggers.vcs.git.GitVcsSupport.getCurrentState(GitVcsSupport.java:129)
 at jetbrains.buildServer.buildTriggers.vcs.git.TestConnectionCommand.checkFetchConnection(TestConnectionCommand.java:95)
 at jetbrains.buildServer.buildTriggers.vcs.git.TestConnectionCommand.testConnection(TestConnectionCommand.java:68)
 at jetbrains.buildServer.buildTriggers.vcs.git.GitVcsSupport.testConnection(GitVcsSupport.java:254)
 at jetbrains.vcs.api.services.impl.TestConnectionServiceProvider$1.testConnection(TestConnectionServiceProvider.java:32)
 at jetbrains.vcs.server.core.impl.testConnection.TestConnectionServiceImpl.testConnection(TestConnectionServiceImpl.java:39)
 at jetbrains.vcs.server.core.impl.testConnection.TestConnectionUtil.testConnection(TestConnectionUtil.java:27)
 at jetbrains.vcs.server.settings.vcs.service.TestConnectionSettingsServiceImpl.testConnection(TestConnectionSettingsServiceImpl.java:43)
 at jetbrains.vcs.server.settings.web.json.WorkspaceTestController.doConnectionTest(WorkspaceTestController.java:76)
 at jetbrains.vcs.server.settings.web.json.WorkspaceTestController.unknownWorkspace(WorkspaceTestController.java:45)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:601)
 at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:215)
 at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132)
 at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
 at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:749)
 at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:689)
 at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:83)
 at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:938)
 at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:870)
 at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:961)
 at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:863)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
 at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:837)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
 at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:769)
 at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
 at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
 at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
 at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
 at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1125)
 at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
 at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
 at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1059)
 at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
 at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
 at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
 at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
 at org.eclipse.jetty.server.Server.handle(Server.java:497)
 at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
 at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:248)
 at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
 at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:610)
 at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:539)
 at java.lang.Thread.run(Thread.java:722)
Caused by: org.eclipse.jgit.errors.TransportException: https://mygihubrepo.git: cannot open git-upload-pack
 at org.eclipse.jgit.transport.TransportHttp.connect(TransportHttp.java:505)
 at org.eclipse.jgit.transport.TransportHttp.openFetch(TransportHttp.java:312)
 at jetbrains.buildServer.buildTriggers.vcs.git.GitVcsSupport.getRemoteRefs(GitVcsSupport.java:358)
 at jetbrains.buildServer.buildTriggers.vcs.git.GitVcsSupport.getRemoteRefs(GitVcsSupport.java:337)
 ... 47 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
 at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1902)
 at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
 at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
 at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1338)
 at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)
 at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
 at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
 at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1032)
 at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1328)
 at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)
 at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
 at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:535)
 at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:403)
 at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
 at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
 at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
 at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
 at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)
 at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
 at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57)
 at org.eclipse.jgit.transport.http.apache.HttpClientConnection.execute(HttpClientConnection.java:235)
 at org.eclipse.jgit.transport.http.apache.HttpClientConnection.getResponseCode(HttpClientConnection.java:207)
 at org.eclipse.jgit.util.HttpSupport.response(HttpSupport.java:168)
 at org.eclipse.jgit.transport.TransportHttp.connect(TransportHttp.java:466)
 ... 50 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
 at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
 at sun.security.validator.Validator.validate(Validator.java:260)
 at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
 at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
 at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
 at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1320)
 ... 70 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
 at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
 at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
 ... 76 more

Any help is appretiated!

2 comments

Resolved it by adding the certificate to the keystore:
keytool -import -alias github -file theCert.crt -keystore /path/to/cert

The weard part is that we are running teamcity and it does not need this kind of tweaks.

0

Please sign in to leave a comment.