Hello Jenkins users,

I used to have multiple Jenkins pipeline jobs (multibranch) running on 
miscellaneous nodes (Windows and Linux). Everything was fine.
My jobs were configured to use a specific JVM identified as "*java-8*":

   - declared only once in the JDK installations section (and downloaded from 
   Oracle.com)
   - referenced inside each pipeline using the "*tool*" section like this:

tools { jdk 'java-8' }

Problem is that my IT recently wants to put my Maven repository (Apache 
Archiva) behind a reverse proxy, thus forcing me to use HTTPS to access it 
(and deploy my Maven artifacts).
And the HTTPS is configured with a self-signed certificate, not recognized 
by default by the JVM.
For testing purposes, I tested it on my computer by importing the correct 
.cer file using java's "keytool" utility into the *cacert* keystore of my 
JVM. Maven builds worked.
I suppose all developers in the company will have to do the same.

But regarding Jenkins, what would be the preferred way to add certificates 
to the JVM used for Maven?
   
   - One way would be to use the "*Config File Provider plugin*" to 
   retrieve a specifically crafted *cacert* file and to overwrite the JDK's 
   one at the start of each build.
   - Another way would be to not use Oracle's JDK anymore but to use a 
   specifically crafted one including my specific *cacert* file but this 
   would be more work on each JDK update.
   - I could also not overwrite the JDK's and still use the "*Config File 
   Provider plugin*" to get the correct *cacert* file and pass it to Maven 
   using options like -Djavax.net.ssl.trustStore and the likes.

None of these options satisfies me fully. What would you do?
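
The third option in the message above (leave the JDK's cacerts alone and point Maven at a separate trust store), sketched as an added example that is not part of the original post or of any Jenkins project code. Assumptions: a Config File Provider custom file with the ID 'archiva-ca-pem' holds the reverse proxy's certificate in PEM form, the alias 'archiva-proxy' is arbitrary, the agent is a Unix node with mvn on its PATH, and the JDK is a Java 8 layout with the default store password.

```groovy
// Added example, not from the original post. Hypothetical names:
// fileId 'archiva-ca-pem', alias 'archiva-proxy', file build-truststore.jks.
// 'java-8' is the JDK tool name used in the post.
pipeline {
    agent any   // assumed to resolve to a Unix agent; a Windows node needs the same steps in a bat step
    tools { jdk 'java-8' }
    stages {
        stage('Deploy') {
            steps {
                // Only the public certificate is distributed (plain text), not a binary keystore.
                configFileProvider([configFile(fileId: 'archiva-ca-pem', variable: 'ARCHIVA_CERT')]) {
                    sh '''
                        set -e
                        TS="$WORKSPACE/build-truststore.jks"
                        rm -f "$TS"

                        # Start from the JDK 8 default CAs so public HTTPS hosts still validate.
                        keytool -importkeystore -noprompt \
                            -srckeystore "$JAVA_HOME/jre/lib/security/cacerts" -srcstorepass changeit \
                            -destkeystore "$TS" -deststorepass changeit

                        # Add the one extra certificate; the tool-installed JDK is never modified,
                        # so a JDK update or reinstall does not lose the trust setting.
                        keytool -importcert -noprompt -alias archiva-proxy \
                            -file "$ARCHIVA_CERT" -keystore "$TS" -storepass changeit

                        # Print the fingerprint into the build log so it can be compared with the
                        # value published by whoever runs the reverse proxy.
                        keytool -list -alias archiva-proxy -keystore "$TS" -storepass changeit

                        # Trust settings must reach the JVM that runs Maven, hence MAVEN_OPTS.
                        # (A workspace path containing spaces would need extra quoting here.)
                        export MAVEN_OPTS="-Djavax.net.ssl.trustStore=$TS -Djavax.net.ssl.trustStorePassword=changeit"
                        mvn -B deploy
                    '''
                }
            }
        }
    }
}
```

The store password protects nothing secret here, since a trust store holds only public certificates; what matters is who can edit the managed PEM file, because anyone who can change it decides which server the build will trust.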
