Hi there @jmudse55,
Installing a certificate for Jenkins is a bit different compared to a standard web server like Apache or Nginx, there are a few things that you need to do.
Note: before starting I recommend taking a backup of your current configuration so that in case anything goes wrong, you could restore to the working config
First, you need to obtain a new valid SSL certificate for the domain name in question and get the certificate files:
* The SSL certificate itself, it should be a file ending in `.crt`
* The Private Key, it will be a file ending in `.key`
* And also the CA bundle, in most cases it will again end in `.crt`
After that you need to convert the certificate into a .pfx
format, you can either use a tool like openssl
or use the SSL Shopper converter tool instead:
https://www.sslshopper.com/ssl-converter.html
After you have the .pfx
file you need to convert it to JKS format. To do that, you need to have JDK installed and run the following command:
keytool -importkeystore -srckeystore your_certificate.pfx \
-srcstorepass 'your_pfx_password' -srcstoretype PKCS12 \
-srcalias jenkins.devopscube.com -deststoretype JKS \
-destkeystore jenkins.jks -deststorepass 'your_pfx_password' \
-destalias yourdomain.com
Copy the jenkins.jks
file into the /etc/jenkins/
directory and make sure that it has secure permissions:
chmod 700 /etc/jenkins
chmod 600 /etc/jenkins/jenkins.jks
Once this is done edit the Jenkins config:
- nano /etc/sysconfig/jenkins
There update the path to the new file and the new password:
JENKINS_HTTPS_KEYSTORE="/etc/jenkins/jenkins.jks"
JENKINS_HTTPS_KEYSTORE_PASSWORD="<your-keystore-password>"
Finally, restart Jenkins so that it could read the new file.
Regards,
Bobby