Enable HTTPS on Jenkins

Jenkins uses HTTP by default. You can enable HTTPS by performing a couple of steps. You need to acquire an SSL certificate and corresponding key for a domain that is under your control, and tell Jenkins that it needs to use these resources.

Jenkins needs a password store to be able to use your SSL certificate. You can convert the certificate (either .crt or .pem) and key file like this:

openssl pkcs12 -inkey example.net.key -in example.net.pem -export -out keys.pkcs12
keytool -importkeystore -srckeystore keys.pkcs12 -srcstoretype pkcs12 -destkeystore /var/lib/jenkins/jenkins.jks

You will be prompted for a password when you perform these actions. Use the same password when you edit the file /etc/sysconfig/jenkins:

JENKINS_ARGS="--httpPort=-1 --httpsPort=8443 --httpsKeyStore=/var/lib/jenkins/jenkins.jks --httpsKeyStorePassword=password_you_entered"

Restart Jenkins:

service jenkins restart

4 thoughts on “Enable HTTPS on Jenkins

  1. Permalink  ⋅ Reply

    Ram

    August 11, 2018 at 2:46pm

    where can I find example.net.pem file or how to generate that file?
    when I ran the command I got output like this.
    openssl pkcs12 -inkey example.net.key -in example.net.pem -export -out keys.pkcs12
    Error opening input file example.net.pem
    example.net.pem: No such file or directory

    • Permalink  ⋅ Reply

      admin

      August 12, 2018 at 9:09am

      The actual SSL certificate needs to be either generated by you or a certificate authority. If you generate one yourself (Google for ‘self-signed certificate’), the connection will be encrypted, but your browser will warn you that the certificate is not safe. If you want a real certificate that the browser recognizes, go to one of many certificate authorities to buy one, or go to letsencrypt.org to get one for free (set-up may be a bit more cumbersome).

      • Permalink  ⋅ Reply

        Ram

        August 13, 2018 at 11:16am

        Thank you for the info and reply.

Leave a Reply

Your email will not be published. Name and Email fields are required.