I needed to do this as a workaround while running Jenkins via HTTPS, for some reason I was unable to get any GitHub Webhooks to work and would see the following errs in Jenkins log:
jenkins github webhook javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target- Fetch the certificate from local GitHub:
openssl s_client -connect www.github.com:443 < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/github_public.crt
- Import the certificate into the keystore. (I am using Ubuntu 14.04 with Open JDK 7):
/usr/lib/jvm/default-java/bin/keytool -import -alias www.github.com -keystore /usr/lib/jvm/default-java/jre/lib/security/cacerts -file /tmp/github_public.crt
- Bounce Jenkins:
service jenkins restart
Thanks. Still clear and useful information. This helped me adding sonarqube certs to Jenkins.