New Nexus Repo: New Artifact Errors with Store artifact in local repository

book

Article ID: 205441

calendar_today

Updated On:

Products

CA Release Automation - Release Operations Center (Nolio) CA Release Automation - DataManagement Server (Nolio)

Issue/Introduction

After setting up a new Nexus repository we are having problems creating Artifacts when the artifact creation method attempts to "Store artifact in local repository". 

 

Cause

Certificate problems. If the retrieval agent does not have the proper SSL certificate for the new nexus repository then the following errors will appear in the retrieval agent's logs/nolio_all.log file when you try to create an artifact with the option "Store artifact in local repository" selected:

 

2020-12-21 17:04:30,960 [ArtifactsHandlers-1] ERROR (com.nolio.platform.shared.communication.services.artifacts.repositoryplugins.ArtifactRepositoryPlugin:521) - Failed to execute HttpGet for artifact  [/nexus/content/repositories/nolio/3/ArtifactDefinition1.Art1/Test6/ArtifactDefinition1.Art1-Test6.txt] from default repository [https://<repoServername>:8443/nexus/content/repositories/nolio].
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

Environment

Release : 6.6

Component : CA RELEASE AUTOMATION RELEASE OPERATIONS CENTER

Resolution

After creating a new Nexus repository that you configure the Management Server to use (via its conf/nolio-repo.properties file) you need to import the certificate used by that new repository into the nolio.jks truststore used by Artifact Retrieval agent if conf/nolio-repo.properties is configured to use https (instead of http). 

To do this:
  1. Download the certificate from the site in question.
  2. If necessary, convert the certificate obtained in step #1 into an x509 format that can be imported into a java keystore (see additional info section below).
  3. Import the certificate into the agents java keystore.
    You can do this by opening a command prompt on the artifact retrieval agent machine and:
    • cd <NolioAgentInstallationFolder>
    • run: jre/bin/keytool -importcert -file <fileFromStep2> -keystore conf/nolio.jks -alias <aliasNameOfYourChoosing>
  4. Restart the agent service.

 

Alternatively, do not select the option "Store artifact in local repository". 

 

While this next recommendation does not impact the artifact retrieval agent's ability to store the artifact into the new Nexus repository, it is recommended that you review the following:

New Nexus Repo: Failed to execute HttpGet for artifact

New Nexus Repo: Action package is missing from the repository

Additional Information

Regarding Step 2 (in the resolution section), please note the following keytool guidelines for importing certificates:

https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html#keytool_option_importcert