Git clone fails when using a private PKI

[sdmorel]

Hello,

I'm having issues trying to use this plugin to clone a Git repo from a private Bitbucket using an SSL certificate signed by a private CA.

The error message:

org.eclipse.jgit.api.errors.TransportException: https://XXX.XXX.com/scm/itg/git.git: cannot open git-upload-pack
...
Caused by: org.eclipse.jgit.errors.TransportException: https://XXX.XXX.com/scm/itg/git.git: cannot open git-upload-pack
...
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
...
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
...
Failed cloning the repository from https://XXX.XXX.com/scm/itg/git.git: https://XXX.XXX.com/scm/itg/git.git: cannot open git-upload-pack

I have Rundeck configured to use the truststore with the CA certificate marked as trusted. The ssl.properties points to the truststore and has the correct password.
When I list the content of the truststore, I see the CA certificate correctly.

Any idea how to make this work?

Thanks!

[marcelomansur]

Hello,
Any update about this issue? I'm having the same problem.

[lbp-code]

Hi @sdmorel, your approach seems correct (adding the root CA to the internal certificate store). Are you still having the issue?

By the way, does your internal CA have intermediate/subCA certificates? If so, did you add them all to the truststore?