Failed to download artifact to retrieval agent

Document ID : KB000103453
Last Modified Date : 26/06/2018
Show Technical Document Details
Issue:

While trying to run a deployment the artifact distribution stage receives the following error: Failed to download artifact[Artifact[NameOfArtifactType.NameOfArtifactDefinition.ArtifactName_ArtifactVersion'] to retrieve agent [NameOfArtifactRetrievalAgent]

Environment:
CA Release Automation v5.x and above.
Cause:
In this case the artifact retrieval agent was setup to pull the file from an https URL. For this to work the artifact retrieval agent needs the certificate for that https site imported into its java keystore. The nolio_all.log file from the artifact retrieval agent confirms the cause and will general the following error message when it tries to access an https site that it doesnot have a certificate for (needed to establish a proper SSL handshake):
2018-06-26 10:40:58,617 [ArtifactsHandlers-1] DEBUG (com.nolio.platform.shared.datamodel.Action:167) - Accessing URL [https://yourUrl/path/to/file] with parameters [[]], 
2018-06-26 10:40:58,758 [ArtifactsHandlers-1] ERROR (com.nolio.platform.shared.datamodel.Action:181) - exception caught 
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 

 
Resolution:
  1. Download the certificate from the site in question.
  2. If necessary, convert the certificate obtained in step #1 into an x509 format that can be imported into a java keystore (see additional info section below).
  3. Import the certificate into the agents java keystore. You can do this by opening a command prompt on the artifact retrieval agent machine and:
    1. cd <NolioAgentInstallationFolder>
    2. jre/bin/keytool -importcert -file <fileFromStep2> -keystore jre/lib/security/cacerts -alias <aliasNameOfYourChoosing>
  4. Restart the agent service.
Additional Information:

Regarding Step 2 (in the resolution section), please note the following keytool guidelines for importing certificates:

https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html#keytool_option_importcert