hi JC, I created the keystore with the self certified key a couple of weeks ago when I installed jenkins, and then generated a CSR. The root/intermediate and private key for the machine have been loaded into the same keystore.
Jenkins is currently started with the following command java $JAVA_OPTS -jar $JENKINS_HOME/jenkins.war --prefix=$JENKINS_PREFIX --controlPort=$JENKINS_CONTROL_PORT --httpPort=$JENKINS_HTTP_PORT --ajp13Port=$JENKINS_AJP_PORT --httpsPort=$JENKINS_HTTPS_PORT --httpsKeyStore=$KEYSTORE --httpsKeyStorePassword=$KEYSTORE_PASSWORD --logfile=$LOGFILE & the variables are set as export JENKINS_PREFIX="/jenkins" export JENKINS_HOST="gbrpsr000000408" export JENKINS_CONTROL_PORT="8001" export JENKINS_HTTP_PORT="-1" export JENKINS_HTTPS_PORT=8444 export KEYSTORE=/opt/jenkins/keystore/scmrm.jks export KEYSTORE_PASSWORD="Key\$t0re" export JENKINS_AJP_PORT="-1" export LOGFILE=$JENKINS_HOME/logs/access_`date +"%Y%m-%d"`.log export JAVA_OPTS="-Djava.awt.headless=true -XX:PermSize=512M -XX:MaxPermSize=2048M -Xmn128M -Xms1024M -Xmx2048M" On Monday, 25 February 2013 17:20:49 UTC, jcsirot wrote: > > Hello David, > > Can you give us more details on how you installed your keystore? Did you > have a single keystore containing both self-signed and CA issued > certificates? What params did you pass to Jenkins at start-up? > > -- > JC > > Le lundi 25 février 2013 17:11:24 UTC+1, David Doughty a écrit : >> >> I've beening running jenkins 1.466.12.1 as jenkins on RHEL6.2 (we don't >> have root access), under https for a few weeks now, using a self signed >> certificate, no problems, other than than the issues for end users and >> their browsers. We have now been issued an offical certificate CA chain >> root-intermediate-server from our security team. >> >> Now the fun begins... >> >> At the moment I don't seem to be able to get Jenkins to recognize the >> official certificates at all; it only appears to start up with a keystore >> with the self signed certificate present, which is the only certificate >> presented to the client browser. >> >> https://wiki.jenkins-ci.org/display/JENKINS/Starting+and+Accessing+Jenkins< >> at the bottom of this article it states - If your keystore contains >> multiple certificates (e.g. you are using CA signed certificate) Jenkins >> might end-up using a incorrect one. In this case you can convert the >> keystore to >> PEM<http://stackoverflow.com/questions/7528944/convert-ca-signed-jks-keystore-to-pem>and >> use following command line options. >> >> Yes, we use a CA signed certificate, and I'm not sure how it might decide >> to use the incorrect one...... >> >> So, I've tried the link, which takes me to stackoverflow, and get as far >> as java ExportPriv <keystore> <alias> <password> > exported-pkcs8.key < >> which falls over with a java nullpoint execption.... >> >> Does anyone else have a similar experience or is this something I have to >> work though independently, and why does Jenkins have a problem with >> keystores, and why cant it be fixed? >> >> thanks >> >> dD >> >> >> -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
