The problem of using Git plugin to access the HTTPS code base in Jenkins

A recent need to configure a JOB,SCM source on Jenkins is HTTP//git.opendaylight.org/gerrit/p/integration.git
So using Jenkins's Git plugin to do this thing.
The resulting error is as follows:

Hudson.plugins.git.GitException:Failed to fetch from Https://git.opendaylight.org/gerrit/p/integration.git at HUDs        On.plugins.git.GitSCM.fetchFrom (gitscm.java:627) at Hudson.plugins.git.GitSCM.retrieveChanges (gitscm.java:865) At Hudson.plugins.git.GitSCM.checkout (gitscm.java:890) at Hudson.model.AbstractProject.checkout (Abstractproject. java:1415) at Hudson.model.abstractbuild$abstractbuildexecution.defaultcheckout (abstractbuild.java:652) at J Enkins.scm.SCMCheckoutStrategy.checkout (scmcheckoutstrategy.java:88) at hudson.model.abstractbuild$ Abstractbuildexecution.run (abstractbuild.java:561) at Hudson.model.Run.execute (run.java:1678) at Hudson.mode L.freestylebuild.run (freestylebuild.java:46) at Hudson.model.ResourceController.execute (Resourcecontroller.java : +) at Hudson.model.Executor.run (executor.java:231) caused By:hudson.plugins.git.GitException:sun.security.valida Tor. Validatorexception:pkix Path Building FAiled:sun.security.provider.certpath.SunCertPathBuilderException:unable to find valid certification path to requested Target at Org.jenkinsci.plugins.gitclient.CliGitAPIImpl.checkCredentials (cligitapiimpl.java:2198) at Org.jen Kinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials (cligitapiimpl.java:1152) at org.jenkinsci.plugins.gitclient.cligitapiimpl.access$200 (cligitapiimpl.java:87) at Org.jenkinsci.plugins.gitclient.cligitapiimpl$1.execute (cligitapiimpl.java:266) at Hudson.plugins.git.GitSCM.fetchFrom (gitscm.java:625) ... Ten more

But running git clone directly on the command line is good, so what's the difference? Check on the Internet, got some ideas, that is, Jenkins overall is built on the Java, before entering the scope of the GIT takeover, Java is doing something, since git itself can work, then it should be the Java side of the problem.
Checked the specific error, found to be related to the SSL/TSL certificate. See StackOverflow on the comrade said Git plugin itself has a bug can not support HTTPS, I think it should not, see the Git plugin home (https://wiki.jenkins-ci.org/ Display/jenkins/git+plugin) also did not find any clue. And then casually tried a bit of GitHub on a https git library, can be clone down, this means that the support of HTTPS is no problem. So where does the problem go? After reviewing the principle of SSL/TSL, think that the problem should be on the issuing CA, so in the browser to see how the two CAs are different, as follows:

GitHub uses Digicert certificates, while Opendaylight uses startcom. On the Internet, this startcom issue of the whole number is actually free. This seems to be because Java does not trust this CA. Then the solution should be to add this CA to the Java Trust list. The following are the specific practices:
1. First get the startcom certificate file (xxx.cer). Where do you get it from? Since the browser is able to access the system is to trust the startcom certificate, so first open the system's certificate management interface. In the Mac is keychain, find the startcom certificate after opening, and then right-click to export to a. cer file named Startcom.cer.

2. Then use the following command to import the above CER file into the Java Runtime system:

Keytool-import-alias startcom  -keystore%jre_home/lib/security/cacerts  -file startcom.cer

You will be prompted for a password when you run the command, and the password is ' Changeit ' if you have not changed it.
Then run the following command to see that the startcom has been added.

Keytool-list-keystore  %jre_home/lib/security/cacerts   Less

Then configure the GIT path in Jenkins and Git clone succeeds!

The problem of using Git plugin to access the HTTPS code base in Jenkins