Scenario
We have both Linux and Windows remote build agents in our environment, so I have a Bamboo plan that runs jobs on both for smoke testing changes that I'm making to Bamboo. One such recent change is I just installed the Bamboo JFrog Plugin with eyes toward eventually replacing the deprecated Bamboo Artifactory Plugin with it.
Testing has not gone so well. A test with jf rt ping works fine on the Linux agents, but fails with a javax.net.ssl.SSLHandshakeException when trying to download the jf.exe binary on Windows agents.
Environment Configuration Details
Bamboo Version: 9.6.15
Plugin Version: 1.0.5
Agent OS Version: Windows Server 2022 Standard Core
Agent Java Version: 17.0.16.8 (Microsoft OpenJDK)
Artifactory Version: 7.111.4 (self-hosted)
Additionally, the Bamboo Agent is configured to use the Windows trust store for TLS through its service wrapper.
Error Details
Here is the relevant excerpt from the job log:
04-Sep-2025 00:15:03 Starting task 'JFrog Artifactory Ping' of type 'org.jfrog.bamboo.bamboo-jfrog-plugin:JfTask'
04-Sep-2025 00:15:03 [JFrog Plugin] Getting JFrog CLI executable...
04-Sep-2025 00:15:04 [JFrog Plugin] Download 'jf.exe' latest version from: https://releases.jfrog.io/artifactory/jfrog-cli/v2-jf/[RELEASE]/jfrog-cli-windows-amd64/jf.exe
31-Dec-1969 14:00:00
04-Sep-2025 00:15:04 [JFrog Plugin] Error occurred for request GET /filestore/97/974ddeeb378b5760a6ccad5fc34c002a11e90b66?response-content-type=application%2Foctet-stream&response-content-disposition=attachment%3Bfilename%3D%22jf.exe%22&x-jf-traceId=e4e3f67aa585e478d671c3a807ea3b4b&X-Artifactory-repositoryKey=jfrog-cli&X-Artifactory-projectKey=default&X-Artifactory-artifactPath=v2-jf%2F2.78.9%2Fjfrog-cli-windows-amd64%2Fjf.exe&X-Artifactory-username=anonymous&X-Artifactory-repoType=local&X-Artifactory-packageType=generic&X-Artifactory-originRepositoryKey=jfrog-cli&X-Artifactory-originProjectKey=default&X-Artifactory-originRepoType=local&X-Artifactory-originPackageType=generic&Expires=1756945504&Signature=VvQ7gCGy~GsxrP3BjmLf9mlILjPvfkDpWxeY9RqJz-x6noEln-XnWTLgFEv2HqrsWsYsI2c37He2K0ABjJaz70sRegHM61~XYG5b-1oYXLaM9OnBs8SMYZbnhFZCrw74Xv0kUPPYnkF5RHMQcUOPQEqlWG7cHE8gNWlZiZzWoMQaVKmoHA4A~P5feC1GDjkyKfGX0ghYkaSBMNP5Dzjq-IUNCmxj7Qq4ZWcj1wXWxUThp1MdS8MCAW-yhUG1OvPujcC3lIb35ZbEpmElARZWAoUJkNMpTJd89NLHl7qGI36LGMq4iYPABo8ffhqtgTb1IP2UXWbunimJfnDjtDOugw__&Key-Pair-Id=APKAJ6NHFWMVU3M6DPBA HTTP/1.1: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
04-Sep-2025 00:15:04 [JFrog Plugin] IOException: Failed while running download CLI command with error: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
04-Sep-2025 00:15:04 java.io.IOException: Failed while running download CLI command with error: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
04-Sep-2025 00:15:04 at org.jfrog.bamboo.JfInstaller.getJfExecutable(JfInstaller.java:111)
04-Sep-2025 00:15:04 at org.jfrog.bamboo.JfTask.execute(JfTask.java:67)
04-Sep-2025 00:15:04 at com.atlassian.bamboo.task.TaskExecutorImpl.lambda$executeTasks$2(TaskExecutorImpl.java:321)
04-Sep-2025 00:15:04 at com.atlassian.bamboo.task.TaskExecutorImpl.executeTaskWithPrePostActions(TaskExecutorImpl.java:258)
04-Sep-2025 00:15:04 at com.atlassian.bamboo.task.TaskExecutorImpl.executeTasks(TaskExecutorImpl.java:321)
04-Sep-2025 00:15:04 at com.atlassian.bamboo.task.TaskExecutorImpl.execute(TaskExecutorImpl.java:118)
04-Sep-2025 00:15:04 at com.atlassian.bamboo.build.pipeline.tasks.ExecuteBuildTask.call(ExecuteBuildTask.java:76)
04-Sep-2025 00:15:04 at com.atlassian.bamboo.v2.build.agent.DefaultBuildAgent.executeBuildPhase(DefaultBuildAgent.java:242)
04-Sep-2025 00:15:04 at com.atlassian.bamboo.v2.build.agent.DefaultBuildAgent.build(DefaultBuildAgent.java:214)
04-Sep-2025 00:15:04 at com.atlassian.bamboo.v2.build.agent.BuildAgentControllerImpl.lambda$waitAndPerformBuild$0(BuildAgentControllerImpl.java:183)
04-Sep-2025 00:15:04 at com.atlassian.bamboo.variable.CustomVariableContextImpl.withVariableSubstitutor(CustomVariableContextImpl.java:115)
04-Sep-2025 00:15:04 at com.atlassian.bamboo.v2.build.agent.BuildAgentControllerImpl.waitAndPerformBuild(BuildAgentControllerImpl.java:176)
04-Sep-2025 00:15:04 at com.atlassian.bamboo.v2.build.agent.DefaultBuildAgent.lambda$start$0(DefaultBuildAgent.java:159)
04-Sep-2025 00:15:04 at com.atlassian.bamboo.utils.BambooRunnables$1.run(BambooRunnables.java:48)
04-Sep-2025 00:15:04 at com.atlassian.bamboo.security.ImpersonationHelper.runWith(ImpersonationHelper.java:26)
04-Sep-2025 00:15:04 at com.atlassian.bamboo.security.ImpersonationHelper.runWithSystemAuthority(ImpersonationHelper.java:17)
04-Sep-2025 00:15:04 at com.atlassian.bamboo.security.ImpersonationHelper.lambda$makeRunnableWithSystemAuthority$0(ImpersonationHelper.java:38)
04-Sep-2025 00:15:04 at java.base/java.lang.Thread.run(Thread.java:840)
04-Sep-2025 00:15:04 Finished task 'JFrog Artifactory Ping' with result: Error
It appears that either the plugin or the agent doesn't trust the SSL certificate for releases.jfrog.io. I verified that the agent host OS can reach the site and trusts the certificate using PowerShell:
PS> Invoke-WebRequest https://releases.jfrog.io -UseBasicParsing
StatusCode : 200
StatusDescription : OK
The Java cacerts keystore on these agents contains a root CA listing whose fingerprint matches the root CA that issued the certificate on the site:
Enter keystore password:
***************** WARNING WARNING WARNING *****************
* The integrity of the information stored in your keystore *
* has NOT been verified! In order to verify its integrity, *
* you must provide your keystore password. *
***************** WARNING WARNING WARNING *****************
cn=digicert_global_root_g2,ou=www.digicert.com,o=digicert_inc,c=us, Mar 7, 2025, trustedCertEntry,
Certificate fingerprint (SHA-256): CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F
Given that both the OS and JDK trust the Digicert certificate on that URL, I'm reasonably certain that this is an issue with the plugin.
Scenario
We have both Linux and Windows remote build agents in our environment, so I have a Bamboo plan that runs jobs on both for smoke testing changes that I'm making to Bamboo. One such recent change is I just installed the Bamboo JFrog Plugin with eyes toward eventually replacing the deprecated Bamboo Artifactory Plugin with it.
Testing has not gone so well. A test with
jf rt pingworks fine on the Linux agents, but fails with ajavax.net.ssl.SSLHandshakeExceptionwhen trying to download thejf.exebinary on Windows agents.Environment Configuration Details
Bamboo Version: 9.6.15
Plugin Version: 1.0.5
Agent OS Version: Windows Server 2022 Standard Core
Agent Java Version: 17.0.16.8 (Microsoft OpenJDK)
Artifactory Version: 7.111.4 (self-hosted)
Additionally, the Bamboo Agent is configured to use the Windows trust store for TLS through its service wrapper.
Error Details
Here is the relevant excerpt from the job log:
It appears that either the plugin or the agent doesn't trust the SSL certificate for
releases.jfrog.io. I verified that the agent host OS can reach the site and trusts the certificate using PowerShell:The Java
cacertskeystore on these agents contains a root CA listing whose fingerprint matches the root CA that issued the certificate on the site:Given that both the OS and JDK trust the Digicert certificate on that URL, I'm reasonably certain that this is an issue with the plugin.