Wednesday, May 24, 2017

Configure Jenkins to run on SSL port (HTTPS)

By default, Jenkins is configured to start on HTTP port 8080 after install.

The instructions below explain how to change this to use an HTTPS/SSL port with a custom certificate.

These steps were followed on a Windows machine.
The assumption at this point is that Jenkins is up and running, and that you already have an SSL certificate available in the default Windows certificate store (or already have a pfx handy).

Tips:
To find JENKINS_HOME, go to the dashboard and follow this path:
In the menu, Jenkins, Manage Jenkins, System Information (or visit http://yourserver:8080/systemInfo in a browser)
Scroll down and make a note of JENKINS_HOME

To restart Jenkins, you can visit a URL like
http://yourserver:8080/restart
or issue the command below from the command line (assuming the default install path in Windows - JENKINS_HOME - is C:\Program Files (x86)\Jenkins)
"C:\Program Files (x86)\Jenkins\jenkins.exe" restart

Watch for any errors at
C:\Program Files (x86)\Jenkins\jenkins.err.log

Steps to run on SSL/HTTPS with custom certificate

Step A: Fix the URL Jenkins is running on

  1. Navigate to Jenkins, Manage Jenkins, Configure System (or go to http://yourserver:8080/configure)
  2. Scroll down, find "Jenkins URL" and fix it, i.e. change it from localhost to the correct server name


Step B: Export your pfx certificate from Windows (skip if you already have a pfx available)

  1. On the Windows machine that has the certificate you need to use: Start, Run, mmc, hit Enter
  2. File, Add/Remove Snap-in, Certificates, Add, Computer Account
  3. Locate the certificate you want to use and right-click on it
  4. All Tasks, Export, Next, select option "Yes, export the private key", Next, select option .PFX, "Include all certificates in the certification path if possible", "Export all extended properties"
  5. Next, Password, set something you remember, Next and save the file.
  6. Let's assume the exported pfx is called myCustomCert.pfx and the password is MyPass#436


Step C: Convert PFX to Java keystore

  1. Start, Run, cmd
  2. In the command line, navigate to the folder where you saved the pfx file
  3. Use the Java keytool to convert the certificate. Note: if you are running Jenkins with 32-bit Java, you have to use the 32-bit keytool to generate the certificate. To be on the safer side, we will use the JRE that comes with Jenkins, assuming this is the one that's used to run Jenkins. Additionally, you can see I am using the same password again for the import and for exporting to the new keystore. This was because I was running into trouble with Jenkins not loading the file if I use a different password
  4. Run:
     "C:\Program Files (x86)\Jenkins\jre\bin\keytool" -importkeystore -srckeystore myCustomCert.pfx -srcstoretype pkcs12 -srcstorepass MyPass#436 -destkeystore myCustomCert.jks -deststoretype jks -deststorepass MyPass#436
  5. Copy the generated myCustomCert.jks to JENKINS_HOME (in the default case C:\Program Files (x86)\Jenkins)
  6. Edit jenkins.xml from JENKINS_HOME (C:\Program Files (x86)\Jenkins). I have used Visual Studio Code as Notepad is not able to read the file properly (formatting mess)
  7. Find the line like the one below:
     -Xrs -Xmx256m -Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle -jar "%BASE%\jenkins.war" --httpPort=8080 --webroot="%BASE%\war"
  8. Change it as below (the changes are --httpPort=-1, --httpsPort=8080, --httpsKeyStore and --httpsKeyStorePassword):
     -Xrs -Xmx256m -Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle -jar "%BASE%\jenkins.war" --httpPort=-1 --httpsPort=8080 --webroot="%BASE%\war" --httpsKeyStore="%BASE%\myCustomCert.jks" --httpsKeyStorePassword=MyPass#436
  9. Restart Jenkins
  10. After the restart you should be able to access Jenkins via the https protocol (e.g. https://yourserver:8080)
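
A post-change check for Step C, added here as an example and not part of the original post: it reads the edited jenkins.xml, confirms plain HTTP is disabled, confirms the keystore opens and holds a private key, and reports broad read access to the two files that now carry the key and its clear-text password. It assumes the default install path used above and that %BASE% resolves to that folder; the variable and function names are illustrative.

```powershell
# Added example. Paths follow the post's default install; adjust for yours.
$base    = 'C:\Program Files (x86)\Jenkins'        # JENKINS_HOME in the post
$xmlPath = Join-Path $base 'jenkins.xml'
$keytool = Join-Path $base 'jre\bin\keytool.exe'

# 1. Read the service arguments from jenkins.xml.
[xml]$cfg = Get-Content -LiteralPath $xmlPath -Raw
$svcArgs  = [string]$cfg.service.arguments

# Return the value of --<name>=value or --<name>="value", or $null if absent.
function Get-Opt([string]$name) {
    $pattern = '--{0}=(?:"([^"]*)"|(\S+))' -f [regex]::Escape($name)
    if ($svcArgs -match $pattern) {
        if ($Matches[1]) { $Matches[1] } else { $Matches[2] }
    }
}

$httpPort = Get-Opt 'httpPort'
$ksPath   = Get-Opt 'httpsKeyStore'
$ksPass   = Get-Opt 'httpsKeyStorePassword'

if ($httpPort -ne '-1') { Write-Warning "Plain HTTP listener is not disabled (--httpPort=$httpPort)" }
if (-not $ksPath -or -not $ksPass) { throw 'HTTPS keystore options are missing from jenkins.xml' }
$ksPath = $ksPath.Replace('%BASE%', $base)   # assumption: %BASE% is the install folder

# 2. Confirm the keystore opens with that password and holds a private key.
$listing = & $keytool -list -keystore $ksPath -storepass $ksPass 2>&1
if ($LASTEXITCODE -ne 0) {
    Write-Warning "keytool could not open ${ksPath}: $($listing -join ' ')"
} elseif (-not ($listing -match 'PrivateKeyEntry')) {
    Write-Warning 'Keystore has no PrivateKeyEntry; the PFX was exported without its key'
}

# 3. The keystore password sits in clear text in jenkins.xml, so report any
#    allow-ACE on either file that belongs to a broad local group.
$broad = 'BUILTIN\Users', 'Everyone', 'NT AUTHORITY\Authenticated Users'
foreach ($file in $xmlPath, $ksPath) {
    (Get-Acl -LiteralPath $file).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $broad -contains $_.IdentityReference.Value } |
        ForEach-Object { Write-Warning "$file grants $($_.FileSystemRights) to $($_.IdentityReference)" }
}
```

Run it from an elevated PowerShell prompt on the Jenkins server after the restart in step 9; no warnings means the three checks passed.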
