Thursday, January 23, 2020

Configure Server-Client Certificate for Jenkins

http://xacmlinfo.org/2014/06/13/how-to-keystore-creating-jks-file-from-existing-private-key-and-certificate/
http://sam.gleske.net/blog/engineering/2016/05/04/jenkins-with-ssl.html

How to Create a JKS KeyStore file from an existing private key and certificate

# openssl pkcs12 -export -in jenkins.pem -inkey jenkins.key -certfile jenkins.pem -out jenkins_keystore.p12

# keytool -importkeystore -srckeystore jenkins_keystore.p12 -srcstoretype pkcs12 -destkeystore jenkins_keystore.jks -deststoretype JKS

Import CA Cert and SubRoot Cert
# keytool -import -trustcacerts -alias go-root -file cot-root.cert -keystore jenkins_keystore.jks -storepass "xxxxxxxx"


# keytool -import -trustcacerts -alias go-sub -file cot-sub.cert -keystore jenkins_keystore.jks -storepass "xxxxxxxx"

mkdir -p /etc/ssl/jenkins
cp jenkins_keystore.jks /etc/ssl/jenkins/

#configure permissions to secure your keystore
chown -R jenkins: /etc/ssl/jenkins
chmod 700 /etc/ssl/jenkins
chmod 600 /etc/ssl/jenkins/jenkins_keystore.jks

#disable HTTP (uncomment the next line to turn the HTTP listener off)
#JENKINS_PORT="-1"

#configure HTTPS
JENKINS_HTTPS_PORT="8443"
JENKINS_HTTPS_KEYSTORE="/etc/ssl/jenkins/jenkins_keystore.jks"
JENKINS_HTTPS_KEYSTORE_PASSWORD="xxxxxxxx"
JENKINS_HTTPS_LISTEN_ADDRESS="127.0.0.1"
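
A check for the result of the steps above, as an added example that is not part of the original post: it reads the JENKINS_* settings and verifies the keystore file and directory modes and whether HTTP is disabled. It assumes the settings sit in a shell-style config file whose path you pass in (the post does not name that file); the function names are hypothetical, and the config-file permission check goes beyond the post's own steps.

```sh
#!/bin/sh
# Added example: audit the keystore permissions and HTTPS settings from the steps above.
# Assumption: the JENKINS_* lines live in a shell-style config file whose path is
# passed in by the caller; the post does not name that file.

# Print the octal permission bits of a path (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# conf_value FILE NAME: value of the last uncommented NAME=... line, quotes removed.
conf_value() {
    grep "^$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '"'
}

# audit_jenkins_tls FILE: print one line per finding; return the number of findings.
audit_jenkins_tls() {
    conf=$1
    findings=0
    ks=$(conf_value "$conf" JENKINS_HTTPS_KEYSTORE)
    if [ -z "$ks" ] || [ ! -f "$ks" ]; then
        echo "FAIL: JENKINS_HTTPS_KEYSTORE is unset or not a file: '$ks'"
        return 1
    fi
    if [ "$(mode_of "$ks")" != "600" ]; then
        echo "FAIL: $ks has mode $(mode_of "$ks"), expected 600"
        findings=$((findings + 1))
    fi
    ksdir=$(dirname "$ks")
    if [ "$(mode_of "$ksdir")" != "700" ]; then
        echo "FAIL: $ksdir has mode $(mode_of "$ksdir"), expected 700"
        findings=$((findings + 1))
    fi
    # The config file stores JENKINS_HTTPS_KEYSTORE_PASSWORD in clear text,
    # so "other" users should have no access to it (check beyond the post's steps).
    case "$(mode_of "$conf")" in
        *[1-7]) echo "FAIL: $conf is accessible to other users"
                findings=$((findings + 1)) ;;
    esac
    if [ "$(conf_value "$conf" JENKINS_PORT)" != "-1" ]; then
        echo "WARN: HTTP listener not disabled (no active JENKINS_PORT=\"-1\" line)"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Source the file and run audit_jenkins_tls with the path of the Jenkins service configuration; a return status of 0 means no findings.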
