Skip to content

Instantly share code, notes, and snippets.

@geraldvillorente

geraldvillorente/jenkins.md

Last active August 5, 2021 22:23
Show Gist options
  • Save geraldvillorente/26acf3a351643c618125 to your computer and use it in GitHub Desktop.
Save geraldvillorente/26acf3a351643c618125 to your computer and use it in GitHub Desktop.
Download ZIP
How to enable SSL in Jenkins
Raw
jenkins.md

Enabling SSL in Jenkins is a bit tricky. To do this first you need to convert your keys to PKCS12.

$ sudo openssl pkcs12 -inkey key.pem -in cert.pem -export -out keys.pkcs12

Then created a keystore (password for keystore should be same as password for key).

$ sudo keytool -importkeystore -srckeystore keys.pkcs12 -srcstoretype pkcs12 -destkeystore keystore

Then update the Jenkins config file. In Ubuntu it is located on /etc/default/jenkins. Should be like this...

HTTPS_PORT=8443
KEYSTORE=/etc/letsencrypt/live/domain.com/keystore
PASSWORD=xxxxxxxx
JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpsPort=$HTTPS_PORT --httpsKeyStore=$KEYSTORE --httpsKeyStorePassword=$PASSWORD --httpPort=-1"
@jdhines
Copy link

jdhines commented Aug 5, 2021

This was the simplest thing I'd found via google, so tried it. I already had a PKCS12 cert/keystore, so followed this and jenkins restarts, but still can't access via the browser (get an ERR_CONNECTION_REFUSED). Any ideas?

@jdhines
Copy link

jdhines commented Aug 5, 2021

I tried taking the keystore stuff out of args (apparently that make jenkins create its own certificate), and in the browser chrome just said the connection wasn't secure and the credentials were scrambled, so I might just try using keytool to generate a JKS cert and trying that. Maybe it didn't like my actual certificate from the CA for some reason (it included a root chain, not sure if that was the issue as I don't know much about all this).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment