To run Jenkins over HTTPS, you need to configure SSL in Jenkins. This article explains how to enable SSL on a Jenkins server to secure your production environment.

Now let's follow the process to configure SSL on your Jenkins server and see how it works.

Step 1: Generate CSR certificate

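Execute the following command to generate a certificate signing request (CSR) named “demo.ssl.csr”. With the default OpenSSL configuration, the command also generates a new private key and writes it to privkey.pem, which step 2 uses.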

openssl req -new > demo.ssl.csr

Step 2: Create a key file

Use your PEM file (privkey.pem) and execute the following command to write the private key to a file named “demo.cert.key”, which is used to generate the certificate.

openssl rsa -in privkey.pem -out demo.cert.key

Step 3: Create the certificate using the key file

Now we have a key file and a CSR file. Run the following command to create the certificate file, self-signed with the key file, and define its validity period (180 days here).

openssl x509 -in demo.ssl.csr -out demo.cert.cert -req -signkey demo.cert.key -days 180

Step 4: Create pkcs12 file

Now use the following command to create an intermediate pkcs12 file, defining the following parameters.

  1. Give the name of the pkcs12 file, for example jenkins_demo.p12
  2. Set a strong password for the pkcs12 file, in place of the example value 'password'
  3. Give the FQDN or alias name, for example sopblog.com

openssl pkcs12 -export -out jenkins_demo.p12 -passout 'pass:password' \
-inkey demo.cert.key -in demo.cert.cert -name sopblog.com

Step 5: Create Java Keystore file (JKS)

Now we will use the keytool command-line tool to generate a new keystore “jenkins_demo.jks” and set its password in the -deststorepass field.

keytool -importkeystore -srckeystore jenkins_demo.p12 \
-srcstorepass 'password' -srcstoretype PKCS12 \
-srcalias sopblog.com -deststoretype JKS \
-destkeystore jenkins_demo.jks -deststorepass 'password' \
-destalias sopblog.com

Step 6: Copy keystore file to Jenkins

Execute the following commands to create a keystore directory, add the keystore file to Jenkins at the default location, and change the directory permissions. The user that runs Jenkins must be able to read the keystore file.

cd /var/lib/jenkins
mkdir keystore
cp ~/jenkins_demo.jks /var/lib/jenkins/keystore/
chmod 700 keystore/

Step 7: Change the Jenkins file

Make a few changes to the Jenkins configuration. Open the file /etc/sysconfig/jenkins.

sudo vi /etc/sysconfig/jenkins

Now find and replace keystore-password with the keystore password you set in step 5, and set the port number. In my case I used port 8080, but you can use any other port you want.

JENKINS_PORT="-1"
JENKINS_HTTPS_PORT="8080"
JENKINS_HTTPS_KEYSTORE="/var/lib/jenkins/keystore/jenkins_demo.jks"
JENKINS_HTTPS_KEYSTORE_PASSWORD="<keystore-password>"
JENKINS_HTTPS_LISTEN_ADDRESS="0.0.0.0"

Save the configuration file, restart the Jenkins service, and check its status.

sudo systemctl restart jenkins
sudo systemctl status jenkins

$ sudo systemctl status jenkins
● jenkins.service - LSB: Start Jenkins at boot time
Loaded: loaded (/etc/init.d/jenkins; generated)
Active: active (exited) since Sat 2020-09-05 16:10:55 UTC; 2h 48min ago
Docs: man:systemd-sysv-generator(8)
Tasks: 0 (limit: 2332)
CGroup: /system.slice/jenkins.service

Step 8: Validate the configuration

Congratulations, we’re done with all the steps. Now this should redirect your custom name from http://localhost:8080 to https:// on your newly secured Jenkins. You should be able to access your Jenkins server over HTTPS at port 8080.

https://<dns_name/ip>:8080
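
The files from steps 1 to 4 can be checked before Jenkins is restarted in step 7. The script below is an added example, not part of the original article: it confirms that the certificate matches the key, that it is not close to its 180-day expiry, and that the pkcs12 file opens and holds the expected alias. The function names, the P12_PASS variable and the demo password are assumptions; the file names follow the steps above.

```shell
#!/bin/sh
# Added example: sanity checks for the files from steps 1-4, to run before
# restarting Jenkins. Function names and P12_PASS are assumptions.

# Succeeds when the certificate carries the public key of the given private key.
cert_matches_key() {  # usage: cert_matches_key CERT KEY
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the certificate is still valid DAYS days from now.
cert_valid_for_days() {  # usage: cert_valid_for_days CERT DAYS
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds when the PKCS12 file opens with PASSWORD and holds ALIAS.
# The password is handed to openssl in the environment, not in its arguments.
p12_has_alias() {  # usage: p12_has_alias P12 PASSWORD ALIAS
  P12_PASS=$2 openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys 2>/dev/null |
    grep -qF "friendlyName: $3"
}

# Constructed throwaway material mirroring steps 1-4, without prompts.
make_demo_files() {  # usage: make_demo_files DIR PASSWORD ALIAS
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/demo.cert.key" -out "$1/demo.ssl.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/demo.ssl.csr" -signkey "$1/demo.cert.key" \
    -days 180 -out "$1/demo.cert.cert" 2>/dev/null &&
  P12_PASS=$2 openssl pkcs12 -export -passout env:P12_PASS -name "$3" \
    -inkey "$1/demo.cert.key" -in "$1/demo.cert.cert" -out "$1/jenkins_demo.p12"
}

# Demo on constructed files: run the script with the single argument "demo".
if [ "${1:-}" = "demo" ]; then
  dir=$(mktemp -d) && make_demo_files "$dir" 'constructed-pass' sopblog.com || exit 1
  cert_matches_key "$dir/demo.cert.cert" "$dir/demo.cert.key" && echo "key matches certificate"
  cert_valid_for_days "$dir/demo.cert.cert" 30 && echo "valid for at least 30 more days"
  cert_valid_for_days "$dir/demo.cert.cert" 365 || echo "expires within a year: plan renewal"
  p12_has_alias "$dir/jenkins_demo.p12" 'constructed-pass' sopblog.com && echo "alias present"
  rm -rf "$dir"
fi
```

Against real files, call the functions with the paths from the steps, for example cert_matches_key demo.cert.cert demo.cert.key, and re-run cert_valid_for_days on a schedule so the 180-day certificate does not lapse unnoticed.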