Due to some maintenance issues, this service has been switched in read-only mode, you can find more information about the why

and how to migrate your plugin documentation in this blogpost

Skip to end of metadata
Go to start of metadata

Configuring Liberty Server

Updating server.xml

1) Open server.xml for the Liberty profile you want to connect to (i.e. <Liberty_Install_Root>/usr/servers/defaultServer/server.xml)
2) Enable the restConnector-1.0 (Note: this imports SSL features as well)

<featureManager>
       <feature>restConnector-1.0</feature>
</featureManager>

3) Add a quick start security implementation

<quickStartSecurity userName="bob"  userPassword="bobpassword" />

4) Add remote file access (Note: "server.output.dir" is a valid variable)

<remoteFileAccess>
     <readDir>${server.output.dir}/dropins</readDir>
     <writeDir>${server.output.dir}/dropins</writeDir>
</remoteFileAccess>

5) Edit host attribute to listen on all interfaces (i.e. the default is 'localhost', so change it to '*')

<httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="9080" httpsPort="9443" />

Generating a keystore for SSL (required for remote connectivity from Jenkins)

6) Create SSL Certificate/KeyStore

Execute the following command (assuming defaultServer is the server name) to create a key.jks file)

<Liberty_Install_Root>/bin/securityUtility createSSLCertificate --server=defaultServer --password=anypassword

Note the response generated by the previous command. Copy just_ _the keyStore line to your server.xml configuration

<keyStore id="defaultKeyStore" password="....." />

The key.jks file will be located in <Liberty_Install_Root>/usr/servers/defaultServer/resources/security/key.jks

7) Copy the generated key.jks file and place it in a directory on the server where Jenkins resides.

Example server.xml configuration after following the above steps

<server description="default server">
    <featureManager>
        <feature>jsp-2.2</feature>
    </featureManager>
    <featureManager>
         <feature>restConnector-1.0</feature>
    </featureManager>

    <keyStore id="defaultKeyStore" password="..." />

    <quickStartSecurity userName="bob"  userPassword="bobpassword" />

    <remoteFileAccess>
        <readDir>${server.output.dir}/dropins</readDir>
        <writeDir>${server.output.dir}/dropins</writeDir>
    </remoteFileAccess>

    <httpEndpoint id="defaultHttpEndpoint"
                  host="*"
                  httpPort="9080"
                  httpsPort="9443" />
</server>

Configuring Jenkins

8) Select "Add post-build action" & select "Deploy To IBM WebSphere Liberty Profile"

9) Enter the IP/DNS Address of IBM WebSphere Liberty
10) Enter the secure port to connect to defined in step #5. (unsecured deployments are not allowed)
11) Enter the Username defined in step #3
12) Enter the Password defined in step #3
13) Enter the location of the key.jks file defined in step #7
14) Enter the password defined in step #6
15) Enter the location of the module you want deployed. (You can use ANT style GLOBS).
16) Point your browser to https://<liberty_server>:<port>
17) Export the SSL certificate and save it on the Jenkins server
18) Import the certificate into "cacerts" for the JVM that's running Jenkins

keytool -keystore <jre_home>/lib/security/cacerts -importcert -alias websphere-liberty-remote -file liberty.crt

Note: The default password for cacerts is "changeit"

19) Restart Jenkins so the imported certificate to be picked up. Enjoy!

Example Jenkins Configuration

  • No labels

1 Comment

  1. Unknown User (palakurthi530)

    Hi... I am getting PKIX error with Websphere Liberty Profile.... How can i fix it?

    Jenkins Version:  2.138.1

    Websphere Deployer Plugin:  1.6.1

    I am trying to deploy the artifacts from Jenkins Server (J) to the applications running on Server A and Server B. I followed the steps that are mentioned in the IBM WebSphere Liberty Configuration and IBM WebSphere Liberty Configuration sites. I am successfully able to deploy the application to was liberty on Server A from Jenkins server (J). But with to tried to test the connection  to Server B after i configured (After Step 19), i am getting the below error. I went through the all the comments for similar PKIX path errors, but you mentioned to enable Trust SSL Certificates for websphere and i dont see that option for liberty profile.... Please advise.

    Connection failed: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target
    at com.ibm.jsse2.k.a(k.java:15)
    at com.ibm.jsse2.av.a(av.java:531)
    at com.ibm.jsse2.D.a(D.java:68)
    at com.ibm.jsse2.D.a(D.java:628)
    at com.ibm.jsse2.E.a(E.java:803)
    at com.ibm.jsse2.E.a(E.java:447)
    at com.ibm.jsse2.D.r(D.java:139)
    at com.ibm.jsse2.D.a(D.java:485)
    at com.ibm.jsse2.av.a(av.java:717)
    at com.ibm.jsse2.av.i(av.java:869)
    at com.ibm.jsse2.av.a(av.java:19)
    at com.ibm.jsse2.av.startHandshake(av.java:672)
    at com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:46)
    at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:35)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
    at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
    at com.ibm.net.ssl.www2.protocol.https.b.getResponseCode(b.java:14)
    at com.ibm.ws.jmx.connector.client.rest.internal.RESTMBeanServerConnection.loadJMXServerInfo(RESTMBeanServerConnection.java:243)
    at com.ibm.ws.jmx.connector.client.rest.internal.RESTMBeanServerConnection.<init>(RESTMBeanServerConnection.java:160)
    at com.ibm.ws.jmx.connector.client.rest.internal.Connector.connect(Connector.java:373)
    at com.ibm.ws.jmx.connector.client.rest.internal.Connector.connect(Connector.java:116)
    at org.jenkinsci.plugins.websphere.services.deployment.LibertyDeploymentService.connect(LibertyDeploymentService.java:106)
    at org.jenkinsci.plugins.websphere_deployer.LibertyDeployerPlugin$DescriptorImpl.doTestConnection(LibertyDeployerPlugin.java:258)
    at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
    at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343)
    at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184)
    at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117)
    at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:129)
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:734)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:864)
    at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:248)
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:734)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:864)
    at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:248)
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:734)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:864)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:668)
    at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1255)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:743)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:440)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.invokeTarget(WebAppFilterChain.java:182)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:93)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
    at com.smartcodeltd.jenkinsci.plugin.assetbundler.filters.LessCSS.doFilter(LessCSS.java:47)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
    at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:59)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
    at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:201)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
    at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:99)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:201)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
    at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
    at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90)
    at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:201)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
    at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:201)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
    at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:201)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
    at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:201)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:996)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1134)
    at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:4954)
    at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.handleRequest(DynamicVirtualHost.java:314)
    at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:996)
    at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.run(DynamicVirtualHost.java:279)
    at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink$TaskWrapper.run(HttpDispatcherLink.java:1011)
    at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink.wrapHandlerAndExecute(HttpDispatcherLink.java:414)
    at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink.ready(HttpDispatcherLink.java:373)
    at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:532)
    at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.handleNewRequest(HttpInboundLink.java:466)
    at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.processRequest(HttpInboundLink.java:331)
    at com.ibm.ws.http.channel.internal.inbound.HttpICLReadCallback.complete(HttpICLReadCallback.java:70)
    at com.ibm.ws.tcpchannel.internal.WorkQueueManager.requestComplete(WorkQueueManager.java:501)
    at com.ibm.ws.tcpchannel.internal.WorkQueueManager.attemptIO(WorkQueueManager.java:571)
    at com.ibm.ws.tcpchannel.internal.WorkQueueManager.workerRun(WorkQueueManager.java:926)
    at com.ibm.ws.tcpchannel.internal.WorkQueueManager$Worker.run(WorkQueueManager.java:1015)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
    Caused by: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target
    at com.ibm.jsse2.util.f.a(f.java:60)
    at com.ibm.jsse2.util.f.b(f.java:126)
    at com.ibm.jsse2.util.e.a(e.java:7)
    at com.ibm.jsse2.aD.a(aD.java:122)
    at com.ibm.jsse2.aD.a(aD.java:124)
    at com.ibm.jsse2.aD.checkServerTrusted(aD.java:162)
    at com.ibm.jsse2.E.a(E.java:831)
    ... 103 more
    Caused by: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target
    at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:654)
    at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:368)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
    at com.ibm.jsse2.util.f.a(f.java:82)
    ... 109 more