Enable HTTPS in jenkins?

Question

I have a private network with a local IP. I want to Enable HTTPS for my Jenkins server which is static IP W.X.Y.Z:8080.

Jenkins version 2.9
java version \"1.         


        

Answer 1

If you have your new instance of Jenkins which is a copy of your old Jenkins instance. Copy the cacerts which will be located at ..\Jenkins\jre\lib\security to the jre\secrets folder of your existing new Jenkins instance.

In jenkins.xml change the arguments accordingly, e.g.:

<arguments>
    -Xrs 
    -Xmx256m 
    -Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle 
    -jar "%BASE%\jenkins.war" 
    --httpPort=-1 
    --httpsPort=8443 
    --httpsKeyStore="%BASE%\secrets\keystore" 
    --httpsKeyStorePassword=your.password.here
</arguments>

Answer 2

You'll need to pass a parameter for the keystore or .pem file of the private key

https://wiki.jenkins-ci.org/display/JENKINS/Starting+and+Accessing+Jenkins

Answer 3

If you have a valid certificate and you do not want to enable HTTPS for your Jenkins but still want an SSL enable traffic then here is another way.

In my case, I put Jenkins behind my Nginx web server. So here are the steps which I follow:

1. I have installed Nginx server. (sudo apt install nginx)
2. Copy the cert files in that machine. (Files are: <my-cert>.crt and <my-cert>.key)

3. Changed the nginx configuration in /etc/nginx/sites-available/default file to something like this:

   ssl_certificate /etc/nginx/<my-cert>.crt;
   ssl_certificate_key /etc/nginx/<my-cert>.key;
   

4. Follow the steps mentioned in the Jenkins Wiki.

5. And everything works like a charm...

---

By doing these steps the request flow will be like this:

1. Request goes to Nginx web server.
2. The reverse proxy redirects the traffic to the localhost:8080 (or custom IP: port) where Jenkins is running.
3. Jenkins will serve the request and give the response to Nginx
4. Nginx will return the response.

You can do the same with Apache, HAProxy, and squid, see

• Running Jenkins with native SSL / HTTPS
• Running Jenkins behind Nginx
• Jenkins behind an NGinX reverse proxy)

Answer 4

You can enable Jenkins via HTTPS with following steps:

1. Create Certificate using Java

   keytool -genkey -keyalg RSA -alias "localhost" -keystore "C:\Users\username\Desktop\New folder\localhost.jks" -validity 365 -keysize 2048 -dname "CN=localhost, OU=OU_name, O=OU_name, L=city, ST=State_name, C=two_letter_country_code" -ext SAN=dns:localhost,ip:ip_address -storepass changeit
   

2. Export p12 Public Certificate from key-store file

   keytool -importkeystore -srckeystore "C:\Users\username\Desktop\New folder\localhost.jks" -storepass changeit -destkeystore "C:\Users\username\Desktop\New folder\localhost.p12" -srcstoretype JKS -deststoretype PKCS12 -deststorepass changeit
   

3. Host Jenkins using key-store (JKS) file

   java -jar jenkins.war --httpsPort=8082 --httpPort=-1 --httpsKeyStore="C:\Users\username\Desktop\New folder\localhost.jks" --httpsKeyStorePassword=changeit
   

4. Import the Certificate into Browser

You may have question like why we have exported *.p12 certificate...well, this certificate we are going to import into our browser where we access Jenkins. The same p12 certificate can be shared between multiple users.

For example in Chrome go to Setting>Search - "Manage Certificate" and click on "Manage Certificate" you will get an "Certificate" window. Import the certificate into each tab (Personnel, Other People, Intermediate Certificate Authorities, Trusted Root Certification Authorities, Trusted Publishers and Untrusted Publishers).