Failed to download artifact to retrieval agent

book

Article ID: 103449

calendar_today

Updated On:

Products

CA Release Automation - Release Operations Center (Nolio) CA Release Automation - DataManagement Server (Nolio)

Issue/Introduction

While trying to run a deployment the artifact distribution stage receives the following error: Failed to download artifact[Artifact[NameOfArtifactType.NameOfArtifactDefinition.ArtifactName_ArtifactVersion'] to retrieve agent [NameOfArtifactRetrievalAgent]

Cause

In this case the artifact retrieval agent was setup to pull the file from an https URL. For this to work the agent needs the certificate for the https site imported into its java keystore. The nolio_all.log file from the artifact retrieval agent confirms the cause and will generate the following error message when it tries to access an https site that it doesn't have a certificate for to establish a proper SSL Handshake:

2018-06-26 10:40:58,617 [ArtifactsHandlers-1] DEBUG (com.nolio.platform.shared.datamodel.Action:167) - Accessing URL [https://yourUrl/path/to/file] with parameters [[]], 
2018-06-26 10:40:58,758 [ArtifactsHandlers-1] ERROR (com.nolio.platform.shared.datamodel.Action:181) - exception caught 
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 

 

Environment

Release Automation v5.x and above.
 

Resolution

  1. Download the certificate from the site in question. 
  2. If necessary, convert the certificate obtained in step #1 into a x509 format that can be imported into a java keystore. 
  3. Import the certificate into the agents java keystore. You can do this by opening a command prompt on the artifact retrieval agent machine and:
    1. cd <NolioAgentInstallationFolder>
    2. jre/bin/keytool -importcert -file <fileFromStep2> - keystore jre/lib/security/cacerts -alias <aliasNameOfYourChoosing>
  4. Restart the agent service.

Additional Information

Regarding Step 2 (in the resolution section), please note the following keytool guidelines for importing certificates:
https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html#keytool_option_importcert