I have configured jenkins integration with a freestyle sample project, but while building the project in jenkins getting the below error:
Caused: org.conjur.jenkins.exceptions.InvalidConjurSecretException: Hostname dap_master_ip not verified:
certificate: sha256/out5pnBpSGlEQtdxa3Qg++V1FrIRZPIp0JdaobVfq1o=
DN: CN=dap_master_ip
subjectAltNames: [dap_master_ip, localhost, conjur]
at org.conjur.jenkins.conjursecrets.ConjurSecretCredentialsImpl.getSecret(ConjurSecretCredentialsImpl.java:99)
at org.conjur.jenkins.conjursecrets.ConjurSecretCredentialsBinding.bind(ConjurSecretCredentialsBinding.java:60)
at org.jenkinsci.plugins.credentialsbinding.impl.SecretBuildWrapper.setUp(SecretBuildWrapper.java:89)
at hudson.model.Build$BuildExecution.doRun(Build.java:157)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:504)
at hudson.model.Run.execute(Run.java:1856)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:97)
at hudson.model.Executor.run(Executor.java:428)
Finished: FAILURE
When installing/configuring dap it asks you for the hostname. It uses this dap hostname to generate the self-signed certificate. When making a request to the dap instance you must use the dap hostname you configured dap with. Typically an IP address will not work since the self-signed certificate does not contain this IP address. I would recommend setting the Conjur Appliance Url to the FQDN of the DAP instance.
Hi @AndrewCopeland,
I am able to login with the ip address using conjur-cli, also conjur-master machine is not part of windows domain so the hostname/fqdn is just localhost. I am not sure how will it resolve the url from jenkins.
I have also checked logging in using conjur-cli with jenkins host user id and password that is working fine.
Maybe another solution would be to add the conjur self signed certificate to the JKS of the jenkins instance (if this has not been done yet). This can be done by executing the command below:
@AndrewCopeland I am also facing same issue my Conjur OSS running on AWS instance I am able to ssh to AWS instance curl working, from my local browser to https://publicIP:8443 working fine. When I try to run Conjur SDK i see same: