Failed to download artifact to retrieval agent
Article ID: 103453
Updated On:
Products
CA Release Automation - Release Operations Center (Nolio)
CA Release Automation - DataManagement Server (Nolio)
Issue/Introduction
While trying to run a deployment the artifact distribution stage receives the following error: Failed to download artifact[Artifact[NameOfArtifactType.NameOfArtifactDefinition.ArtifactName_ArtifactVersion'] to retrieve agent [NameOfArtifactRetrievalAgent]
Cause
In this case the artifact retrieval agent was setup to pull the file from an https URL. For this to work the artifact retrieval agent needs the certificate for that https site imported into its java keystore. The nolio_all.log file from the artifact retrieval agent confirms the cause and will general the following error message when it tries to access an https site that it doesnot have a certificate for (needed to establish a proper SSL handshake):
2018-06-26 10:40:58,617 [ArtifactsHandlers-1] DEBUG (com.nolio.platform.shared.datamodel.Action:167) - Accessing URL [https://yourUrl/path/to/file] with parameters [[]],
2018-06-26 10:40:58,758 [ArtifactsHandlers-1] ERROR (com.nolio.platform.shared.datamodel.Action:181) - exception caught
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2018-06-26 10:40:58,617 [ArtifactsHandlers-1] DEBUG (com.nolio.platform.shared.datamodel.Action:167) - Accessing URL [https://yourUrl/path/to/file] with parameters [[]],
2018-06-26 10:40:58,758 [ArtifactsHandlers-1] ERROR (com.nolio.platform.shared.datamodel.Action:181) - exception caught
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Environment
CA Release Automation v5.x and above.
Resolution
- Download the certificate from the site in question.
- If necessary, convert the certificate obtained in step #1 into an x509 format that can be imported into a java keystore (see additional info section below).
- Import the certificate into the agents java keystore. You can do this by opening a command prompt on the artifact retrieval agent machine and:
- cd <NolioAgentInstallationFolder>
- jre/bin/keytool -importcert -file <fileFromStep2> -keystore jre/lib/security/cacerts -alias <aliasNameOfYourChoosing>
- Restart the agent service.
Additional Information
Regarding Step 2 (in the resolution section), please note the following keytool guidelines for importing certificates:
https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html#keytool_option_importcert
Feedback
Powered by
