controller is not able to connect Operations Center due to java.lang.SecurityException: Rejected: java.security.cert.Certificate

1 minute read

Issue

  • controller is not able to connect to the CloudBees Jenkins Operation Center

  • Logs show the following exception

2018-06-08 18:46:58.001+0000 [id=58]    SEVERE  c.c.o.c.p.OperationsCenterRootAction$DescriptorImpl#setAgentErrorStateCallback: Agent Connection Error: DescriptorImpl{state=CONNECTABLE, error=java.lang.SecurityException: Rejected: java.security.cert.Certificate$CertificateRep; see https://www.jenkins.io/redirect/class-filter/, transportEndpoint=cjp.test.example.com/XX.XXX.X.X:10000, operationsCenterUrl=https://cjp.test.example.com/, name='0-Test_controller', grantId='aa03db4b-4d66-410f-a95d-8de6f71e4be1', agentThread=Thread[Operations Center Connector #1,5,main], channel=null, slaveManager=null}
java.lang.SecurityException: Rejected: java.security.cert.Certificate$CertificateRep; see https://www.jenkins.io/redirect/class-filter/
    at hudson.remoting.ClassFilter.check(ClassFilter.java:76)
    at hudson.remoting.ObjectInputStreamEx.resolveClass(ObjectInputStreamEx.java:57)
    at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1866)
    at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1749)

Environment

Resolution

The probable root cause is that the controller is trying to use Multicontroller protocol to connect Operations Center. That protocol is not recommended anymore, so switching to OperationsCenter2 protocol is the solution.

Go to Manage Jenkins > Configure Global Security, and under Agents, click on the Agent Protocols... button and ensure that OperationsCenter2 is checked and Multicontroller not.

You need to apply this configuration change in Operations Centers and controller side and try to reconnect again the controller to the Operations Centers.

If you are not still able to connect the controller after that, ensure that the connectivity is done from scratch by following below steps

  1. In controller, go to Manage Jenkins > Configure System and verify if Operations Center Connector section exists. If exists, then uncheck the Enable option and save the changes.

  2. In OC, delete the controller item, create a new one and push the new connection details.