To run Jenkins over HTTPS, you need to configure SSL in Jenkins. This article explains how to enable SSL on a Jenkins server to secure your production environment.
Now let's follow the process to configure SSL on your Jenkins server and see how it works.
Step 1: Generate the CSR
Execute the following command to generate a certificate signing request (CSR) and name it “demo.ssl.csr”.
openssl req -new > demo.ssl.csr
Step 2: Create a key file
Use your PEM file and execute the following command to write the RSA private key to a file named “demo.cert.key”. This key file is used to generate the certificate.
openssl rsa -in privkey.pem -out demo.cert.key
Step 3: Create the certificate from the CSR using the key file
Now that we have a key file and a CSR file, run the following command to create a self-signed certificate from the CSR and set its validity period in days.
openssl x509 -in demo.ssl.csr -out demo.cert.cert -req -signkey demo.cert.key -days 180
Step 4: Create pkcs12 file
Now use the following command to create an intermediate pkcs12 file, and define the following parameters.
- Give the pkcs12 file a name, for example jenkins_demo.p12
- Set a strong password for the pkcs12 file
- Give the FQDN or an alias name, for example sopblog.com
openssl pkcs12 -export -out jenkins_demo.p12 -passout 'pass:password' \
  -inkey demo.cert.key -in demo.cert.cert -name sopblog.com
Step 5: Create Java Keystore file (JKS)
Now we will use the keytool command-line tool to import the pkcs12 file into a new keystore, “jenkins_demo.jks”, and set its password in the deststorepass field.
keytool -importkeystore -srckeystore jenkins_demo.p12 \
  -srcstorepass 'password' -srcstoretype PKCS12 \
  -srcalias sopblog.com -deststoretype JKS \
  -destkeystore jenkins_demo.jks -deststorepass 'password' \
  -destalias sopblog.com
Step 6: Copy keystore file to Jenkins
Execute the following commands to create a keystore directory in the default Jenkins location, copy the keystore file into it, and change the directory permissions.
cd /var/lib/jenkins
mkdir keystore
cp ~/jenkins_demo.jks /var/lib/jenkins/keystore/
chmod 700 keystore/
Step 7: Change in Jenkins file
Make a few changes to the Jenkins configuration properties. Open the file /etc/sysconfig/jenkins.
sudo vi /etc/sysconfig/jenkins
Now find keystore-password and replace it with the keystore password you set in Step 5, and set the port number. Here in my case I used port 8080, but you can use any other port you want.
JENKINS_PORT="-1"
JENKINS_HTTPS_PORT="8080"
JENKINS_HTTPS_KEYSTORE="/var/lib/jenkins/keystore/jenkins_demo.jks"
JENKINS_HTTPS_KEYSTORE_PASSWORD="<keystore-password>"
JENKINS_HTTPS_LISTEN_ADDRESS="0.0.0.0"
Save the configuration file, restart the Jenkins service, and check its status.
sudo systemctl restart jenkins
sudo systemctl status jenkins
[email protected]:~$ sudo systemctl status jenkins
● jenkins.service – LSB: Start Jenkins at boot time
Loaded: loaded (/etc/init.d/jenkins; generated)
Active: active (exited) since Sat 2020-09-05 16:10:55 UTC; 2h 48min ago
Tasks: 0 (limit: 2332)
Step 8: Validate the configuration
Congratulations, we’re done with all the steps. Your Jenkins address should now change from http://localhost:8080 to https:// on your newly secured Jenkins. You should be able to access your Jenkins server over HTTPS at port 8080.
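Before restarting Jenkins in Step 7, the files produced in Steps 2 to 4 can be checked with openssl. The script below is an added example, not part of the original article; the function names and the P12_PASS and KEYSTORE_PASS variables are assumptions, while the file names in the usage comment are the article's.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): sanity checks on the key,
# certificate and PKCS12 file before they are handed to Jenkins.

# True only if the certificate's public key equals the private key's public half.
cert_matches_key() {   # usage: cert_matches_key CERT KEY
    cmk_cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    cmk_key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cmk_cert_pub" ] && [ "$cmk_cert_pub" = "$cmk_key_pub" ]
}

# True if the certificate will still be valid DAYS days from now.
cert_valid_for_days() {   # usage: cert_valid_for_days CERT DAYS
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# True if the PKCS12 file opens with PASSWORD and carries ALIAS as friendlyName.
# The password reaches openssl through the environment (env:), not its argv,
# so it does not show up in the process list.
p12_has_alias() {   # usage: p12_has_alias P12 PASSWORD ALIAS
    P12_PASS="$2" openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys 2>/dev/null |
        grep -qF "friendlyName: $3"
}

# Runs all three checks, reports each failure, returns the number of failures.
check_jenkins_tls() {   # usage: check_jenkins_tls CERT KEY P12 PASSWORD ALIAS DAYS
    cjt_failed=0
    cert_matches_key "$1" "$2" ||
        { echo "FAIL: key does not match certificate"; cjt_failed=$((cjt_failed + 1)); }
    cert_valid_for_days "$1" "$6" ||
        { echo "FAIL: certificate expires within $6 days"; cjt_failed=$((cjt_failed + 1)); }
    p12_has_alias "$3" "$4" "$5" ||
        { echo "FAIL: PKCS12 unreadable or alias missing"; cjt_failed=$((cjt_failed + 1)); }
    return "$cjt_failed"
}

# Usage with the article's file names (KEYSTORE_PASS is an assumed variable):
# check_jenkins_tls demo.cert.cert demo.cert.key jenkins_demo.p12 \
#     "$KEYSTORE_PASS" sopblog.com 30
```

A non-zero return value is the number of failed checks, so the call can gate the restart in a deployment script.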