New Nexus Repo: Failed to execute HttpGet for artifact

book

Article ID: 205506

calendar_today

Updated On:

Products

CA Release Automation - Release Operations Center (Nolio) CA Release Automation - DataManagement Server (Nolio)

Issue/Introduction

After creating a new Nexus repository we're seeing the following errors in our management server's nolio_dm_all.log file:

2020-12-21 17:58:25,762 [ActionsSyncTimer] ERROR (com.nolio.platform.shared.communication.services.artifacts.repositoryplugins.ArtifactRepositoryPlugin:521) - Failed to execute HttpGet for artifact  [/nexus/service/local/repositories/nolio/status] from default repository [https://<repoServername>:8443/nexus/content/repositories/nolio].
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

 

Cause

This error indicates that the Management server (aka NAC) has had it's conf/nolio-repo.properties setup to point to a repository using https and the management server does not have a certificate in its truststore. 

Environment

Release : 6.6

Component : CA RELEASE AUTOMATION RELEASE OPERATIONS CENTER

Resolution

Import the needed certificate to the mgmt servers truststore. 

To do this:
  1. Download the certificate from the site in question.
  2. If necessary, convert the certificate obtained in step #1 into an x509 format that can be imported into a java keystore (see additional info section below).
  3. Import the certificate into the agents java keystore.
    • You can do this by opening a command prompt on the artifact retrieval agent machine and:
    • cd <NAC_InstallationFolder>run: jre/bin/keytool -importcert -file <fileFromStep2> -keystore <TrustStore File> -alias <aliasNameOfYourChoosing>
  4. Restart the Mgmt service.

Note: 

To determine which TrustStore File to use in step #3 you can follow these steps:

  • Check to see if you have a conf/security-customization.properties file with an entry for: javax.net.ssl.trustStore
    • If yes, replace <TrustStore File> in step 3 with the file referenced by the javax.net.ssl.trustStore entry.
    • If no, replace <TrustStore File> in step 3 with: <Nac_InstallationFolder>/jre/lib/security/cacerts