Jenkins serves its web interface over plain HTTP by default. Enabling HTTPS takes a couple of steps: acquire an SSL certificate and the corresponding private key for a domain that is under your control, then tell Jenkins to use them.

Jenkins needs a password-protected Java keystore to be able to use your SSL certificate. You can convert the certificate (either .crt or .pem) and key file into one like this:

openssl pkcs12 -inkey example.net.key -in example.net.pem -export -out keys.pkcs12
keytool -importkeystore -srckeystore keys.pkcs12 -srcstoretype pkcs12 -destkeystore /var/lib/jenkins/jenkins.jks

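You will be prompted for a password when you perform these actions. Use the same password for --httpsKeyStorePassword when you edit the file /etc/sysconfig/jenkins (--httpPort=-1 turns off the plain HTTP listener, so Jenkins only answers on the HTTPS port):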

JENKINS_ARGS="--httpPort=-1 --httpsPort=8443 --httpsKeyStore=/var/lib/jenkins/jenkins.jks --httpsKeyStorePassword=password_you_entered"

Restart Jenkins:

service jenkins restart
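
A startup failure caused by a key that does not belong to the certificate, or by a password that does not open the keystore, can be caught before the restart. The shell functions below are an added example, not part of the original post; the function names, the STOREPASS variable and the sample password are assumptions, and demo() runs them on a constructed self-signed certificate.

```shell
#!/bin/sh
# Added example. File names and the password in demo() are constructed samples.

# True only if the private key belongs to the certificate.
key_matches_cert() {  # KEY CERT
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# Build the PKCS#12 bundle without a prompt. The password travels in the
# environment, not on the command line where `ps` would show it.
make_pkcs12() {  # KEY CERT OUT PASSWORD
  key_matches_cert "$1" "$2" || { echo "key/certificate mismatch" >&2; return 1; }
  STOREPASS="$4" openssl pkcs12 -export -inkey "$1" -in "$2" \
    -out "$3" -passout env:STOREPASS
}

# True only if the PKCS#12 bundle opens with this password.
pkcs12_opens_with() {  # FILE PASSWORD
  STOREPASS="$2" openssl pkcs12 -in "$1" -noout -passin env:STOREPASS 2>/dev/null
}

# True only if the JKS opens with this password (needs keytool from a JDK).
# A failure here is what Jenkins reports at startup as
# "Keystore was tampered with, or password was incorrect".
jks_opens_with() {  # JKS PASSWORD
  STOREPASS="$2" keytool -list -keystore "$1" -storepass:env STOREPASS >/dev/null 2>&1
}

# Exercise the openssl checks on a throwaway self-signed certificate.
demo() {
  d=$(mktemp -d) || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.net" \
    -keyout "$d/example.net.key" -out "$d/example.net.pem" 2>/dev/null || return 1
  make_pkcs12 "$d/example.net.key" "$d/example.net.pem" "$d/keys.pkcs12" 'sample-pass' &&
    pkcs12_opens_with "$d/keys.pkcs12" 'sample-pass' &&
    ! pkcs12_opens_with "$d/keys.pkcs12" 'wrong-pass'
  rc=$?; rm -rf "$d"; return $rc
}

demo && echo "pre-flight checks passed"
```

Before restarting, run jks_opens_with against /var/lib/jenkins/jenkins.jks with the password you placed in /etc/sysconfig/jenkins. That file holds the keystore password in clear text, so keep it readable only by root and the Jenkins service account.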

11 thoughts on “Enable HTTPS on Jenkins”

  • 2018-08-11 at 14:46
    Permalink

    Where can I find the example.net.pem file, or how do I generate that file?
    When I ran the command I got output like this.
    openssl pkcs12 -inkey example.net.key -in example.net.pem -export -out keys.pkcs12
    Error opening input file example.net.pem
    example.net.pem: No such file or directory

    Reply
    • 2018-08-12 at 09:09
      Permalink

      The actual SSL certificate needs to be either generated by you or a certificate authority. If you generate one yourself (Google for ‘self-signed certificate’), the connection will be encrypted, but your browser will warn you that the certificate is not safe. If you want a real certificate that the browser recognizes, go to one of many certificate authorities to buy one, or go to letsencrypt.org to get one for free (set-up may be a bit more cumbersome).

      Reply
      • 2018-08-13 at 11:16
        Permalink

        Thank you for the info and reply.

        Reply
  • 2018-09-29 at 04:26
    Permalink

    I have letsencrypt set up for the Jenkins; then how will I add them into the keystore?

    Reply
  • 2019-07-23 at 19:17
    Permalink

    Thank you! Worked perfectly.

    Reply
  • 2019-07-30 at 19:37
    Permalink

    https://mohitgoyal.co/2017/02/08/securing-your-jenkins-environment-and-configure-for-auditing/

    I have followed as per the above, but it’s not working. Any workaround? Appreciate it if anyone helps.

    I end up getting this error message.

    winstone.Logger logInternal
    SEVERE: Container startup failed
    java.io.IOException: Failed to start a listener: winstone.HttpsConnectorFactory
    at winstone.Launcher.spawnListener(Launcher.java:214)
    at winstone.Launcher.<init>(Launcher.java:174)
    at winstone.Launcher.main(Launcher.java:354)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at Main._main(Main.java:375)
    at Main.main(Main.java:151)
    Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:785)
    at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
    at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
    at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
    at java.security.KeyStore.load(KeyStore.java:1445)
    at winstone.AbstractSecuredConnectorFactory.configureSsl(AbstractSecuredConnectorFactory.java:73)
    at winstone.HttpsConnectorFactory.start(HttpsConnectorFactory.java:39)
    at winstone.Launcher.spawnListener(Launcher.java:212)

    Reply
  • 2019-07-31 at 14:46
    Permalink

    This worked for me. Earlier I was using the strong password.

    Reply
  • 2019-08-04 at 04:25
    Permalink

    Awesome! Thank you for the steps; I was able to implement them successfully.

    Reply
  • 2020-03-17 at 04:15
    Permalink

    Doesn't seem to work with the CloudBees distro, especially the Jenkins restart part.

    Reply
  • 2020-04-16 at 03:25
    Permalink

    Will it work for 443 instead of 8443?

    Reply
