
Configuring Liberty Server

Updating server.xml

1) Open server.xml for the Liberty profile you want to connect to (e.g. <Liberty_Install_Root>/usr/servers/defaultServer/server.xml)
2) Enable the restConnector-1.0 feature (Note: this pulls in the SSL features as well)

<featureManager>
       <feature>restConnector-1.0</feature>
</featureManager>

3) Add a quick start security implementation

<quickStartSecurity userName="bob"  userPassword="bobpassword" />

4) Add remote file access (Note: "server.output.dir" is a valid variable)

<remoteFileAccess>
     <readDir>${server.output.dir}/dropins</readDir>
     <writeDir>${server.output.dir}/dropins</writeDir>
</remoteFileAccess>

5) Edit host attribute to listen on all interfaces (i.e. the default is 'localhost', so change it to '*')

<httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="9080" httpsPort="9443" />

Generating a keystore for SSL (required for remote connectivity from Jenkins)

6) Create SSL Certificate/KeyStore

Execute the following command (assuming defaultServer is the server name) to create a key.jks file:

<Liberty_Install_Root>/bin/securityUtility createSSLCertificate --server=defaultServer --password=anypassword

Note the response generated by the previous command. Copy just the keyStore line to your server.xml configuration

<keyStore id="defaultKeyStore" password="....." />

The key.jks file will be located in <Liberty_Install_Root>/usr/servers/defaultServer/resources/security/key.jks

7) Copy the generated key.jks file and place it in a directory on the server where Jenkins resides.

Example server.xml configuration after following the above steps

<server description="default server">
    <featureManager>
        <feature>jsp-2.2</feature>
        <feature>restConnector-1.0</feature>
    </featureManager>

    <keyStore id="defaultKeyStore" password="..." />

    <quickStartSecurity userName="bob"  userPassword="bobpassword" />

    <remoteFileAccess>
        <readDir>${server.output.dir}/dropins</readDir>
        <writeDir>${server.output.dir}/dropins</writeDir>
    </remoteFileAccess>

    <httpEndpoint id="defaultHttpEndpoint"
                  host="*"
                  httpPort="9080"
                  httpsPort="9443" />
</server>
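
The settings above expose an administrative REST endpoint, so it is worth reviewing the finished file before the server is reachable from Jenkins. The following is an added example, not part of the original page or the plugin: a small Python check that reads a server.xml and lists clear-text passwords, quickStartSecurity, a REST connector bound to all interfaces, and remotely writable directories. The function name and finding texts are this example's own, and the keyStore password in the sample is a constructed placeholder.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's example server.xml. The keyStore password the
# page elides is replaced by a made-up encoded placeholder.
SAMPLE = """<server description="default server">
    <featureManager>
        <feature>jsp-2.2</feature>
        <feature>restConnector-1.0</feature>
    </featureManager>
    <keyStore id="defaultKeyStore" password="{xor}CONSTRUCTED-PLACEHOLDER" />
    <quickStartSecurity userName="bob" userPassword="bobpassword" />
    <remoteFileAccess>
        <readDir>${server.output.dir}/dropins</readDir>
        <writeDir>${server.output.dir}/dropins</writeDir>
    </remoteFileAccess>
    <httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="9080" httpsPort="9443" />
</server>"""

# Prefixes Liberty puts on encoded passwords; "${" marks a variable reference.
NOT_CLEAR_TEXT = ("{xor}", "{aes}", "{hash}", "${")


def audit_server_xml(text):
    """Return (element, finding) pairs worth reviewing in a server.xml string."""
    root = ET.fromstring(text)
    findings = []
    rest = any((f.text or "").strip().startswith("restConnector-")
               for f in root.iter("feature"))
    for el in root.iter():
        for attr, value in el.attrib.items():
            if attr.lower().endswith("password") and not value.startswith(NOT_CLEAR_TEXT):
                findings.append((el.tag, f"{attr} is stored in clear text"))
    if root.find("quickStartSecurity") is not None:
        findings.append(("quickStartSecurity", "single built-in admin user"))
    for ep in root.iter("httpEndpoint"):
        if rest and ep.get("host") == "*":
            findings.append(("httpEndpoint", "REST connector listens on all interfaces"))
    for wd in root.iter("writeDir"):
        findings.append(("writeDir", f"remotely writable: {(wd.text or '').strip()}"))
    return findings


if __name__ == "__main__":
    for element, finding in audit_server_xml(SAMPLE):
        print(f"{element}: {finding}")
```

The clear-text finding goes away once the password is encoded with securityUtility encode and the encoded value is placed in server.xml.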

Configuring Jenkins

8) Select "Add post-build action" & select "Deploy To IBM WebSphere Liberty Profile"

9) Enter the IP/DNS Address of IBM WebSphere Liberty
10) Enter the secure (HTTPS) port defined in step #5 (unsecured deployments are not allowed)
11) Enter the Username defined in step #3
12) Enter the Password defined in step #3
13) Enter the location of the key.jks file defined in step #7
14) Enter the password defined in step #6
15) Enter the location of the module you want deployed. (You can use ANT style GLOBS).
16) Point your browser to https://<liberty_server>:<port>
17) Export the SSL certificate and save it on the Jenkins server
18) Import the certificate into "cacerts" for the JVM that's running Jenkins

keytool -keystore <jre_home>/lib/security/cacerts -importcert -alias websphere-liberty-remote -file liberty.crt

Note: The default password for cacerts is "changeit"

19) Restart Jenkins so the imported certificate is picked up. Enjoy!

Example Jenkins Configuration


1 Comment

  1. Hi... I am getting a PKIX error with WebSphere Liberty Profile.... How can I fix it?

    Jenkins Version:  2.138.1

    Websphere Deployer Plugin:  1.6.1

    I am trying to deploy the artifacts from Jenkins Server (J) to the applications running on Server A and Server B. I followed the steps that are mentioned in the IBM WebSphere Liberty Configuration and IBM WebSphere Liberty Configuration sites. I am successfully able to deploy the application to WAS Liberty on Server A from Jenkins server (J). But when I tried to test the connection to Server B after I configured it (after Step 19), I am getting the below error. I went through all the comments for similar PKIX path errors, but you mentioned to enable Trust SSL Certificates for WebSphere and I don't see that option for Liberty profile.... Please advise.

    Connection failed: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target
    at com.ibm.jsse2.k.a(k.java:15)
    at com.ibm.jsse2.av.a(av.java:531)
    at com.ibm.jsse2.D.a(D.java:68)
    at com.ibm.jsse2.D.a(D.java:628)
    at com.ibm.jsse2.E.a(E.java:803)
    at com.ibm.jsse2.E.a(E.java:447)
    at com.ibm.jsse2.D.r(D.java:139)
    at com.ibm.jsse2.D.a(D.java:485)
    at com.ibm.jsse2.av.a(av.java:717)
    at com.ibm.jsse2.av.i(av.java:869)
    at com.ibm.jsse2.av.a(av.java:19)
    at com.ibm.jsse2.av.startHandshake(av.java:672)
    at com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:46)
    at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:35)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
    at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
    at com.ibm.net.ssl.www2.protocol.https.b.getResponseCode(b.java:14)
    at com.ibm.ws.jmx.connector.client.rest.internal.RESTMBeanServerConnection.loadJMXServerInfo(RESTMBeanServerConnection.java:243)
    at com.ibm.ws.jmx.connector.client.rest.internal.RESTMBeanServerConnection.<init>(RESTMBeanServerConnection.java:160)
    at com.ibm.ws.jmx.connector.client.rest.internal.Connector.connect(Connector.java:373)
    at com.ibm.ws.jmx.connector.client.rest.internal.Connector.connect(Connector.java:116)
    at org.jenkinsci.plugins.websphere.services.deployment.LibertyDeploymentService.connect(LibertyDeploymentService.java:106)
    at org.jenkinsci.plugins.websphere_deployer.LibertyDeployerPlugin$DescriptorImpl.doTestConnection(LibertyDeployerPlugin.java:258)
    at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
    at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343)
    at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184)
    at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117)
    at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:129)
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:734)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:864)
    at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:248)
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:734)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:864)
    at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:248)
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:734)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:864)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:668)
    at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1255)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:743)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:440)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.invokeTarget(WebAppFilterChain.java:182)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:93)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
    at com.smartcodeltd.jenkinsci.plugin.assetbundler.filters.LessCSS.doFilter(LessCSS.java:47)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
    at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:59)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
    at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:201)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
    at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:99)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:201)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
    at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
    at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90)
    at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:201)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
    at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:201)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
    at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:201)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
    at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:201)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:996)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1134)
    at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:4954)
    at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.handleRequest(DynamicVirtualHost.java:314)
    at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:996)
    at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.run(DynamicVirtualHost.java:279)
    at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink$TaskWrapper.run(HttpDispatcherLink.java:1011)
    at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink.wrapHandlerAndExecute(HttpDispatcherLink.java:414)
    at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink.ready(HttpDispatcherLink.java:373)
    at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:532)
    at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.handleNewRequest(HttpInboundLink.java:466)
    at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.processRequest(HttpInboundLink.java:331)
    at com.ibm.ws.http.channel.internal.inbound.HttpICLReadCallback.complete(HttpICLReadCallback.java:70)
    at com.ibm.ws.tcpchannel.internal.WorkQueueManager.requestComplete(WorkQueueManager.java:501)
    at com.ibm.ws.tcpchannel.internal.WorkQueueManager.attemptIO(WorkQueueManager.java:571)
    at com.ibm.ws.tcpchannel.internal.WorkQueueManager.workerRun(WorkQueueManager.java:926)
    at com.ibm.ws.tcpchannel.internal.WorkQueueManager$Worker.run(WorkQueueManager.java:1015)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
    Caused by: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target
    at com.ibm.jsse2.util.f.a(f.java:60)
    at com.ibm.jsse2.util.f.b(f.java:126)
    at com.ibm.jsse2.util.e.a(e.java:7)
    at com.ibm.jsse2.aD.a(aD.java:122)
    at com.ibm.jsse2.aD.a(aD.java:124)
    at com.ibm.jsse2.aD.checkServerTrusted(aD.java:162)
    at com.ibm.jsse2.E.a(E.java:831)
    ... 103 more
    Caused by: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target
    at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:654)
    at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:368)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
    at com.ibm.jsse2.util.f.a(f.java:82)
    ... 109 more