Enable HTTPS on Jenkins

Jenkins uses HTTP by default. You can enable HTTPS by performing a couple of steps. You need to acquire an SSL certificate and corresponding key for a domain that is under your control, and tell Jenkins that it needs to use these resources.

Jenkins needs a password store to be able to use your SSL certificate. You can convert the certificate (either .crt or .pem) and key file like this:

openssl pkcs12 -inkey example.net.key -in example.net.pem -export -out keys.pkcs12
keytool -importkeystore -srckeystore keys.pkcs12 -srcstoretype pkcs12 -destkeystore /var/lib/jenkins/jenkins.jks

You will be prompted for a password when you perform these actions. Use the same password when you edit the file /etc/sysconfig/jenkins:

JENKINS_ARGS="--httpPort=-1 --httpsPort=8443 --httpsKeyStore=/var/lib/jenkins/jenkins.jks --httpsKeyStorePassword=password_you_entered"

Restart Jenkins:

service jenkins restart

9 thoughts on “Enable HTTPS on Jenkins

  1. Permalink  ⋅ Reply

    Ram

    August 11, 2018 at 2:46pm

    where can I find example.net.pem file or how to generate that file?
    when I ran the command I got output like this.
    openssl pkcs12 -inkey example.net.key -in example.net.pem -export -out keys.pkcs12
    Error opening input file example.net.pem
    example.net.pem: No such file or directory

    • Permalink  ⋅ Reply

      admin

      August 12, 2018 at 9:09am

      The actual SSL certificate needs to be either generated by you or a certificate authority. If you generate one yourself (Google for ‘self-signed certificate’), the connection will be encrypted, but your browser will warn you that the certificate is not safe. If you want a real certificate that the browser recognizes, go to one of many certificate authorities to buy one, or go to letsencrypt.org to get one for free (set-up may be a bit more cumbersome).

      • Permalink  ⋅ Reply

        Ram

        August 13, 2018 at 11:16am

        Thank you for the info and reply.

  2. Permalink  ⋅ Reply

    robert

    September 29, 2018 at 4:26am

    i Have letsencrypt setup for the jenkins then how will add them into keystore

  3. Permalink  ⋅ Reply

    Russell

    July 23, 2019 at 7:17pm

    Thank you! Worked perfectly.

  4. Permalink  ⋅ Reply

    Mr.N

    July 30, 2019 at 7:37pm

    https://mohitgoyal.co/2017/02/08/securing-your-jenkins-environment-and-configure-for-auditing/

    I have followed as per the above, but it’s not working any workaround ? appreciate if any on helps.

    I’m end up getting this error message.

    winstone.Logger logInternal
    SEVERE: Container startup failed
    java.io.IOException: Failed to start a listener: winstone.HttpsConnectorFactory
    at winstone.Launcher.spawnListener(Launcher.java:214)
    at winstone.Launcher.(Launcher.java:174)
    at winstone.Launcher.main(Launcher.java:354)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at Main._main(Main.java:375)
    at Main.main(Main.java:151)
    Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:785)
    at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
    at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
    at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
    at java.security.KeyStore.load(KeyStore.java:1445)
    at winstone.AbstractSecuredConnectorFactory.configureSsl(AbstractSecuredConnectorFactory.java:73)
    at winstone.HttpsConnectorFactory.start(HttpsConnectorFactory.java:39)
    at winstone.Launcher.spawnListener(Launcher.java:212)

  5. Permalink  ⋅ Reply

    Mr.N

    July 31, 2019 at 2:46pm

    This worked for me earlier i was using the strong password.

  6. Permalink  ⋅ Reply

    Rama

    August 4, 2019 at 4:25am

    Awesome!, Thank you for steps and able to implement successfully.

Leave a Reply

Your email will not be published. Name and Email fields are required.