Error: Hostname not verified while building test application in Jenkins

Hello,

I have configured the Jenkins integration with a freestyle sample project, but while building the project in Jenkins I am getting the error below:

Caused: org.conjur.jenkins.exceptions.InvalidConjurSecretException: Hostname dap_master_ip not verified:
certificate: sha256/out5pnBpSGlEQtdxa3Qg++V1FrIRZPIp0JdaobVfq1o=
DN: CN=dap_master_ip
subjectAltNames: [dap_master_ip, localhost, conjur]
at org.conjur.jenkins.conjursecrets.ConjurSecretCredentialsImpl.getSecret(ConjurSecretCredentialsImpl.java:99)
at org.conjur.jenkins.conjursecrets.ConjurSecretCredentialsBinding.bind(ConjurSecretCredentialsBinding.java:60)
at org.jenkinsci.plugins.credentialsbinding.impl.SecretBuildWrapper.setUp(SecretBuildWrapper.java:89)
at hudson.model.Build$BuildExecution.doRun(Build.java:157)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:504)
at hudson.model.Run.execute(Run.java:1856)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:97)
at hudson.model.Executor.run(Executor.java:428)
Finished: FAILURE

Any help is appreciated!

Thanks,
Shubham

When installing/configuring DAP, it asks you for the hostname. It uses this DAP hostname to generate the self-signed certificate. When making a request to the DAP instance, you must use the DAP hostname you configured DAP with. Typically an IP address will not work since the self-signed certificate does not contain this IP address. I would recommend setting the Conjur Appliance Url to the FQDN of the DAP instance.

Let me know if you run into any other issues.

Regards,
Andrew

Hi @AndrewCopeland,
I am able to log in with the IP address using conjur-cli; also, the conjur-master machine is not part of a Windows domain, so the hostname/FQDN is just localhost. I am not sure how it will resolve the URL from Jenkins.
I have also checked logging in using conjur-cli with the Jenkins host user ID and password, and that is working fine.

Regards,
Shubham

Hi @shubham,

Maybe another solution would be to add the Conjur self-signed certificate to the JKS of the Jenkins instance (if this has not been done yet). This can be done by executing the command below:

keytool -import -trustcacerts -alias conjur -keystore <java home>/jre/lib/security/cacerts -file <conjur cert as pem>

Thanks,
Andrew

Hi @AndrewCopeland,
I have done this step earlier, and also tried "keytool -delete -alias conjur -keystore <java home>/jre/lib/security/cacerts"

and then "keytool -import -trustcacerts -alias conjur -keystore <java home>/jre/lib/security/cacerts -file "
but still get the same error.

Regards,
Shubham
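
Added example (not from the thread or from the Conjur plugin): a sketch of the RFC 6125-style name check that an HTTPS client runs separately from trust validation, which is why a certificate can be in cacerts, print the address in its subjectAltNames list, and still fail with "Hostname ... not verified". It assumes the address is stored as a DNS-type entry (the page does not show entry types); `check_host`, `SAMPLE_SAN` and 192.0.2.10 are constructed for illustration.

```python
import ipaddress

# Constructed sample, shaped like ssl.SSLSocket.getpeercert()["subjectAltName"].
# 192.0.2.10 is a documentation address standing in for the page's dap_master_ip;
# storing it as a DNS-type entry is an assumption (the page does not show types).
SAMPLE_SAN = (("DNS", "192.0.2.10"), ("DNS", "localhost"), ("DNS", "conjur"))


def _as_ip(value):
    """Return an ip_address object if value is an IP literal, else None."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def _dns_match(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2 and h[0]:
        return p[1:] == h[1:]
    return p == h


def check_host(host, san):
    """Return (verified, reason) for a URL host against typed SAN entries."""
    ip = _as_ip(host)
    if ip is not None:
        # IP literals are compared only with iPAddress entries, never dNSName ones.
        if any(t == "IP Address" and _as_ip(v) == ip for t, v in san):
            return True, "matched iPAddress entry"
        if any(t == "DNS" and v == host for t, v in san):
            return False, "address present only as a dNSName entry"
        return False, "address not in certificate"
    if any(t == "DNS" and _dns_match(v, host) for t, v in san):
        return True, "matched dNSName entry"
    return False, "name not in certificate"


if __name__ == "__main__":
    for target in ("192.0.2.10", "conjur", "localhost", "dap.example.test"):
        print(target, check_host(target, SAMPLE_SAN))
```

Under that assumption the IP URL fails while a name the certificate lists as a DNS entry passes, which matches the recommendation above to configure the appliance URL with the hostname DAP was set up with.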