Hello David, Can you give us more details on how you installed your keystore? Did you have a single keystore containing both self-signed and CA issued certificates? What params did you pass to Jenkins at start-up?
-- JC Le lundi 25 février 2013 17:11:24 UTC+1, David Doughty a écrit : > > I've beening running jenkins 1.466.12.1 as jenkins on RHEL6.2 (we don't > have root access), under https for a few weeks now, using a self signed > certificate, no problems, other than than the issues for end users and > their browsers. We have now been issued an offical certificate CA chain > root-intermediate-server from our security team. > > Now the fun begins... > > At the moment I don't seem to be able to get Jenkins to recognize the > official certificates at all; it only appears to start up with a keystore > with the self signed certificate present, which is the only certificate > presented to the client browser. > > https://wiki.jenkins-ci.org/display/JENKINS/Starting+and+Accessing+Jenkins< > at the bottom of this article it states - If your keystore contains > multiple certificates (e.g. you are using CA signed certificate) Jenkins > might end-up using a incorrect one. In this case you can convert the > keystore to > PEM<http://stackoverflow.com/questions/7528944/convert-ca-signed-jks-keystore-to-pem>and > use following command line options. > > Yes, we use a CA signed certificate, and I'm not sure how it might decide > to use the incorrect one...... > > So, I've tried the link, which takes me to stackoverflow, and get as far > as java ExportPriv <keystore> <alias> <password> > exported-pkcs8.key < > which falls over with a java nullpoint execption.... > > Does anyone else have a similar experience or is this something I have to > work though independently, and why does Jenkins have a problem with > keystores, and why cant it be fixed? > > thanks > > dD > > > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
