Jenkins slave agent launch fails

Question

When launching a slave agent from a slave machine using the "Launch agent from browser on slave" option, it fails. It opens a window for slave-agent.jnlp and when opened with Java Web Start Launcher, it shows the launching application pop up and then another pop up comes with "Failed to Validate Certificate" message.

And the error details are:

java.security.cert.CertificateException:
java.security.cert.CertPathValidatorException:
java.security.InvalidKeyException: Wrong key usage
    at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
    at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(Unknown Source)
    at com.sun.javaws.LaunchDownload.checkSignedResourcesHelper(Unknown Source)
    at com.sun.javaws.LaunchDownload.checkSignedResources(Unknown Source)
    at com.sun.javaws.Launcher.prepareResources(Unknown Source)
    at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
    at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
    at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
    at com.sun.javaws.Launcher.launch(Unknown Source)
    at com.sun.javaws.Main.launchApp(Unknown Source)
    at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
    at com.sun.javaws.Main$1.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Caused by: java.security.cert.CertPathValidatorException:
 java.security.InvalidKeyException: Wrong key usage
    at sun.security.provider.certpath.OCSPResponse.verifyResponse(Unknown Source)
    at sun.security.provider.certpath.OCSPResponse.<init>(Unknown Source)
    at sun.security.provider.certpath.OCSP.check(Unknown Source)
    at sun.security.provider.certpath.OCSP.check(Unknown Source)
    at com.sun.deploy.security.TrustDecider.doOCSPEEValidation(Unknown Source)
    ... 13 more
Caused by: java.security.InvalidKeyException: Wrong key usage
    at java.security.Signature.initVerify(Unknown Source)
    ... 18 more

Whereas when I run the "if the slave is headless:" option it opens a command prompt and shows messages of getting connected to the master. The slave also shows online on the dashboard.

The master is on my local machine, and I connect to a remote machine (Windows XP) via VPN. I want to use this remote as slave as a Windows service rather than running through a command prompt. How can I do this?

Answer 1

After installing the Jenkins slave as a service, go to the configured "Remote root directory" on your slave, open the jenkins-slave.xml file in a text editor, add -noCertificateCheck to the end of the <arguments> tag, and restart the service. That should get rid of the certificate exception.