Jenkins Git plugin with https

This is a bug in the Jenkins Git Plugin.

You can workaround the credential issue by creating credentials using the credential plugin and then use these credentials in the SCM/Git section of your Job. However, this will expose your user/password in plaintext in the build log if the checkout fails.

Also, this will not work if you are using a HTTP proxy with git. The best way (for now) is to use JGit (to be configured in the Jenkins configuration). However, JGit is experimental and very limited as well when it comes to proxies.

(answer posted due to popular request ;) )


In case you're using a self-signed certificate for your Git repository and Git works from command line but not from Jenkins Git Client plugin, you need to add the certificate to the Jenkins Java Keystore (as described by tijs in the comment above).

This is because Git Client plugin tries to connect directly using Java's Apache HttpClient (bypassing git.exe), so all Git settings normally used to create the connection are ignored (including GIT_SSL_NO_VERIFY and certificates in curl-ca-bundle.crt). The HttpClient throwsSunCertPathBuilderException: unable to find valid certification path to requested target which is unfortunately wrapped in a GitException without stack trace, so all we can see is 'Failed to connect' message.

In order to fix it you can follow the link provided by tijs: http://www.mkyong.com/webservices/jax-ws/suncertpathbuilderexception-unable-to-find-valid-certification-path-to-requested-target/

You would need to copy the resulting jssecacerts file to C:\Program Files (x86)\Jenkins\jre\lib\security if you're using default Jenkins installation.

You can find a link to InstallCert.java in the original Andreas Sterbenz post (thanks to web.archive.org), or a slightly modified version at code.google.

I checked the above approach works for Git Client plugin version 1.4.6.


Upgrade your Git client to 2.10.0 or up.

execute below commands.

git config --system http.sslVerify false    
git config --global http.sslVerify false