Resolving Jenkins Artifactory Plugin Upload Failures on AIX by Setting SSL_CERT_FILE and TLS Properties

The author describes a two‑day investigation into why the Jenkins Artifactory plugin failed to upload artifacts over HTTPS on IBM AIX, while the same operation worked on Windows, Linux and other Unix platforms.

After migrating from Artifactory OSS to Enterprise, the upload errors manifested as “A system call received a parameter that is not valid (Read failed)” for both GET and PUT requests. The root cause was the lack of a trusted SSL certificate on the AIX system.

Using curl to call the Artifactory REST API reproduced the failure, showing an “Unknown SSL protocol error”. Supplying the CA certificate with curl --cacert /var/ssl/cacert.pem succeeded and returned the Artifactory version JSON.

curl --cacert /var/ssl/cacert.pem https://artifactory.company.com/artifactory/api/system/version
{
  "version" : "6.9.0",
  "revision" : "60900900",
  ...
}

To make Jenkins use the same certificate, the environment variable SSL_CERT_FILE was set to the path of cacert.pem :

set SSL_CERT_FILE=/var/ssl/cacert.pem

However, the Jenkins agent runs a remote.jar process that does not inherit the host environment. The solution was to pass a JVM option that forces IBM’s JSSE to enable TLS 1.2, matching Oracle’s behavior:

-Dcom.ibm.jsse2.overrideDefaultTLS=true

Adding this option to the agent’s JVM settings, restarting the agent, and ensuring SSL_CERT_FILE is defined allowed the Jenkins pipeline to successfully upload artifacts to Artifactory on AIX.

The article concludes with reflections on the learning experience and advice to seek help from experienced colleagues when stuck.

Property value setting

Protocol enabled

false

TLS V1.0

true

TLS V1.0, V1.1, and V1.2