jenkins证书验证报错unable to find vali

如果jenkins目录不在/var/lib/jenkins，将命令中的该路径替换为正确路径即可。

将已有证书及jenkins几个域名证书导入

# 将java证书复制到jenkins目录
mkdir /var/lib/jenkins/keystore/
cp $JAVA_HOME/jre/lib/security/cacerts /var/lib/jenkins/keystore/

# 导入
while read i
do
  echo "$i"
  openssl s_client -showcerts -connect $i:443 < /dev/null 2> /dev/null | openssl x509 -outform PEM > ~/root_ca.pem
  # 导入证书，如果提示“输入密钥库口令”，试试默认的"changeit"
  keytool -noprompt -import -alias $i -keystore /var/lib/jenkins/keystore/cacerts -file ~/root_ca.pem -storepass changeit
done <<< 'jenkins.io
get.jenkins.io
updates.jenkins.io
ftp.yz.yamagata-u.ac.jp
mirror.gruenehoelle.nl
ftp.halifax.rwth-aachen.de
mirror.xmission.com
ftp-chi.osuosl.org
archives.jenkins.io
mirrors.tuna.tsinghua.edu.cn'

修改 /etc/sysconfig/jenkins，指定证书目录

JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true -Djavax.net.ssl.trustStore=/var/lib/jenkins/keystore/cacerts"

重启jenkins

service jenkins restart

参考

• jenkins-unable-to-find-valid-certification-path-to-requested-target-error-whil
• keytool-error-keystore-was-tampered-with-or-password-was-incorrect