So Jenkins is throwing that bland but terrifying message about an invalid certification path. Relax a little and get your keystore game on. This guide shows the practical steps to add the target server certificate to the Java truststore that Jenkins is using. It is the usual DevOps ritual where you fetch a certificate, drop it in the right place, and pretend you always knew what you were doing.
Jenkins runs on a Java JVM and Java trusts only certificates present in its truststore by default. If the remote service uses a certificate that Java does not recognize you will see errors mentioning an invalid certification path. This is a CI security feature doing its job even when it ruins your morning.
Use the browser certificate export feature or ask the service owner for a PEM or CRT file. Browsers are surprisingly handy and do not require heroic command line skills. Save the file as server.crt or similar.
Place the file in a controlled location that the Jenkins administrator owns. No stray files on the desktop. You will need shell access for the import step.
Back up the truststore before you change it. Break stuff now and you get to explain it later.
cp /path/to/jre/lib/security/cacerts /path/to/jre/lib/security/cacerts.bak
Import the certificate into the same cacerts file that your Jenkins JVM uses. The default cacerts password is changeit unless your admin changed it for good reasons. Example command for a typical setup
keytool -import -alias myserver -file server.crt -keystore /path/to/jre/lib/security/cacerts -storepass changeit
Answer yes to trust the certificate when prompted. If the remote server presents an intermediate CA make sure you import the full chain or import the root and intermediate certs as needed.
Restart the Jenkins service so the JVM picks up the updated truststore. Use your system service tool to restart Jenkins. Then re run the failing job or access the remote resource from the Jenkins host with a browser to confirm the SSL handshake no longer fails.
Final tip Prefer certificates signed by a trusted CA and avoid turning off SSL checks. A proper CA signed certificate saves time and prevents future headaches for your CI and security teams. You did not really want to disable security checks anyway unless you enjoy chaos.
I know how you can get Azure Certified, Google Cloud Certified and AWS Certified. It's a cool certification exam simulator site called certificationexams.pro. Check it out, and tell them Cameron sent ya!
This is a dedicated watch page for a single video.