A gist to configure Jenkins to serve over 8443 (HTTPS/TLS) with a self signed certificate. Intended to be used on AWS behind an ALB serving jenkins over 443 (HTTPS/TLS) with a public certificate.

jenkins-self-sign-cert

## Stop jenkins service
sudo service jenkins stop

## Disable Jenkins HTTPS port
sudo sed -i 's|JENKINS_PORT="8080"|JENKINS_PORT="-1"|g' /etc/sysconfig/jenkins

## Add Jenkins HTTPS port (8433)
sudo sed -i 's|JENKINS_HTTPS_PORT=""|JENKINS_HTTPS_PORT="8433"|g' /etc/sysconfig/jenkins

## Add Jenkins HTTPS keystore
sudo sed -i 's|JENKINS_HTTPS_KEYSTORE=""|JENKINS_HTTPS_KEYSTORE="/opt/efs/jenkins/keystore.jks"|g' /etc/sysconfig/jenkins

## Add keystore password, change <keystore_password> to required password. Should be passed in from secrets manager at runtime
sudo sed -i 's|JENKINS_HTTPS_KEYSTORE_PASSWORD=""|JENKINS_HTTPS_KEYSTORE_PASSWORD="<keystore_password>"|g' /etc/sysconfig/jenkins

## Navigate to location of JENKINS_HOME and generate required keystore passing in various required info
cd /opt/efs/jenkins/
sudo keytool -genkey -alias <external/internal_domain> -keyalg RSA -dname 'CN=<external/internal_domain>, OU=UK, O=UK, C=UK, ST=LON, L=WESTMINSTER' -storepass <keystore_password> -validity 365 -keystore keystore.jks -keypass <keystore_password> -deststoretype pkcs12
sudo chown -R jenkins:jenkins /opt/efs/jenkins/keystore.jks

## Start jenkins service
sudo service jenkins start