Jenkins uses HTTP by default. You can enable HTTPS in a couple of steps: acquire an SSL certificate and the corresponding key for a domain that is under your control, then tell Jenkins to use them.
Jenkins needs a password-protected keystore to be able to use your SSL certificate. You can convert the certificate (either .crt or .pem) and key file like this:
openssl pkcs12 -inkey example.net.key -in example.net.pem -export -out keys.pkcs12
keytool -importkeystore -srckeystore keys.pkcs12 -srcstoretype pkcs12 -destkeystore /var/lib/jenkins/jenkins.jks
You will be prompted for a password when you perform these actions. Use the same password when you edit the file /etc/sysconfig/jenkins:
JENKINS_ARGS="--httpPort=-1 --httpsPort=8443 --httpsKeyStore=/var/lib/jenkins/jenkins.jks --httpsKeyStorePassword=password_you_entered"
Restart Jenkins:
service jenkins restart
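The conversion step above, with two checks a wrong key or wrong password would fail before Jenkins is restarted. This is an added example, not part of the original post. The function names, the KS_PASS environment variable and the throwaway self-signed certificate are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: pre-flight checks before pointing Jenkins at a keystore.
# Function names, KS_PASS and the demo certificate are assumptions.

# Succeeds only if the private key and the certificate carry the same public key.
key_matches_cert() {   # $1 = key file, $2 = certificate file
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$k" = "$c" ]
}

# Build the PKCS#12 bundle. The password is read from the environment (KS_PASS)
# so it does not appear in the process list or in shell history.
make_p12() {           # $1 = key, $2 = cert, $3 = output file
    openssl pkcs12 -export -inkey "$1" -in "$2" -name jenkins \
        -out "$3" -passout env:KS_PASS && chmod 600 "$3"
}

# Succeeds only if the bundle opens with the password currently in KS_PASS.
p12_opens() {          # $1 = PKCS#12 file
    openssl pkcs12 -in "$1" -noout -passin env:KS_PASS >/dev/null 2>&1
}

# Demo on a constructed, throwaway self-signed certificate for example.net.
demo() {
    d=$(mktemp -d) || return 1
    export KS_PASS='constructed-demo-password'
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=example.net' \
        -keyout "$d/example.net.key" -out "$d/example.net.pem" 2>/dev/null
    key_matches_cert "$d/example.net.key" "$d/example.net.pem" && echo "key/cert: match"
    make_p12 "$d/example.net.key" "$d/example.net.pem" "$d/keys.pkcs12"
    p12_opens "$d/keys.pkcs12" && echo "keys.pkcs12: password OK"
    rm -rf "$d"
}
demo
```

After the keytool import, `keytool -list -keystore /var/lib/jenkins/jenkins.jks` performs the same password check on the final keystore.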
Enable HTTPS on Jenkins
Where can I find the example.net.pem file, or how do I generate that file?
When I ran the command I got output like this.
openssl pkcs12 -inkey example.net.key -in example.net.pem -export -out keys.pkcs12
Error opening input file example.net.pem
example.net.pem: No such file or directory
The actual SSL certificate needs to be either generated by you or a certificate authority. If you generate one yourself (Google for ‘self-signed certificate’), the connection will be encrypted, but your browser will warn you that the certificate is not safe. If you want a real certificate that the browser recognizes, go to one of many certificate authorities to buy one, or go to letsencrypt.org to get one for free (set-up may be a bit more cumbersome).
Thank you for the info and reply.
I have letsencrypt set up for Jenkins; how will I add them into the keystore?
Thank you! Worked perfectly.
https://mohitgoyal.co/2017/02/08/securing-your-jenkins-environment-and-configure-for-auditing/
I have followed the steps above, but it’s not working. Any workaround? I'd appreciate it if anyone helps.
I end up getting this error message.
winstone.Logger logInternal
SEVERE: Container startup failed
java.io.IOException: Failed to start a listener: winstone.HttpsConnectorFactory
at winstone.Launcher.spawnListener(Launcher.java:214)
at winstone.Launcher.<init>(Launcher.java:174)
at winstone.Launcher.main(Launcher.java:354)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at Main._main(Main.java:375)
at Main.main(Main.java:151)
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:785)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
at java.security.KeyStore.load(KeyStore.java:1445)
at winstone.AbstractSecuredConnectorFactory.configureSsl(AbstractSecuredConnectorFactory.java:73)
at winstone.HttpsConnectorFactory.start(HttpsConnectorFactory.java:39)
at winstone.Launcher.spawnListener(Launcher.java:212)
This worked for me; earlier I was using the strong password.
Awesome! Thank you for the steps; I was able to implement them successfully.
Doesn't seem to work with the CloudBees distro, especially the Jenkins restart part.
Will it work for 443 instead of 8443?