Failed to download artifact to retrieval agent

book

Article ID: 103453

calendar_today

Updated On:

Products

CA Release Automation - Release Operations Center (Nolio) CA Release Automation - DataManagement Server (Nolio)

Issue/Introduction

While trying to run a deployment the artifact distribution stage receives the following error: Failed to download artifact[Artifact[NameOfArtifactType.NameOfArtifactDefinition.ArtifactName_ArtifactVersion'] to retrieve agent [NameOfArtifactRetrievalAgent]

Cause

In this case the artifact retrieval agent was setup to pull the file from an https URL. For this to work the artifact retrieval agent needs the certificate for that https site imported into its java keystore. The nolio_all.log file from the artifact retrieval agent confirms the cause and will general the following error message when it tries to access an https site that it doesnot have a certificate for (needed to establish a proper SSL handshake):
2018-06-26 10:40:58,617 [ArtifactsHandlers-1] DEBUG (com.nolio.platform.shared.datamodel.Action:167) - Accessing URL [https://yourUrl/path/to/file] with parameters [[]], 
2018-06-26 10:40:58,758 [ArtifactsHandlers-1] ERROR (com.nolio.platform.shared.datamodel.Action:181) - exception caught 
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 

 

Environment

CA Release Automation v5.x and above.

Resolution

  1. Download the certificate from the site in question.
  2. If necessary, convert the certificate obtained in step #1 into an x509 format that can be imported into a java keystore (see additional info section below).
  3. Import the certificate into the agents java keystore. You can do this by opening a command prompt on the artifact retrieval agent machine and:
    1. cd <NolioAgentInstallationFolder>
    2. jre/bin/keytool -importcert -file <fileFromStep2> -keystore jre/lib/security/cacerts -alias <aliasNameOfYourChoosing>

  4. Restart the agent service.

Additional Information

Regarding Step 2 (in the resolution section), please note the following keytool guidelines for importing certificates:

https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html#keytool_option_importcert