How to include new SSL cert on specific ports

Hi there @jmudse55,

Installing a certificate for Jenkins is a bit different compared to a standard web server like Apache or Nginx, there are a few things that you need to do.

Note: before starting I recommend taking a backup of your current configuration so that in case anything goes wrong, you could restore to the working config

First, you need to obtain a new valid SSL certificate for the domain name in question and get the certificate files:

* The SSL certificate itself, it should be a file ending in `.crt`
* The Private Key, it will be a file ending in `.key`
* And also the CA bundle, in most cases it will again end in `.crt`

After that you need to convert the certificate into a .pfx format, you can either use a tool like openssl or use the SSL Shopper converter tool instead:

https://www.sslshopper.com/ssl-converter.html

After you have the .pfx file you need to convert it to JKS format. To do that, you need to have JDK installed and run the following command:

keytool -importkeystore -srckeystore your_certificate.pfx \
-srcstorepass 'your_pfx_password' -srcstoretype PKCS12 \
-srcalias jenkins.devopscube.com -deststoretype JKS \
-destkeystore jenkins.jks -deststorepass 'your_pfx_password' \
-destalias yourdomain.com

Copy the jenkins.jks file into the /etc/jenkins/ directory and make sure that it has secure permissions:

chmod 700 /etc/jenkins
chmod 600 /etc/jenkins/jenkins.jks

Once this is done edit the Jenkins config:

nano /etc/sysconfig/jenkins

There update the path to the new file and the new password:

JENKINS_HTTPS_KEYSTORE="/etc/jenkins/jenkins.jks"
JENKINS_HTTPS_KEYSTORE_PASSWORD="<your-keystore-password>"

Finally, restart Jenkins so that it could read the new file.

Regards, Bobby