
Enabling SSL for Jenkins with a Self‑Signed Certificate

This guide walks through generating a self‑signed SSL certificate using OpenSSL, converting it to PKCS12 and JKS formats, placing the keystore on the Jenkins server, updating Jenkins configuration for HTTPS, and testing the secure connection.

DevOps Cloud Academy

Enabling SSL in a Jenkins project environment is essential for secure communication; this article demonstrates how to create a self‑signed SSL certificate and configure Jenkins to use it.

Create a Self‑Signed Certificate

OpenSSL is available on most Linux/Unix systems. Follow these commands to generate a CA key, a self-signed CA certificate, a server key, a CSR, and finally the server certificate signed by that CA.

## Create an openssl directory
mkdir openssl && cd openssl

## Generate the CA private key file
openssl genrsa -out ca.key 2048

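## Use the CA key to generate the CA X.509 certificate file. Set the certificate validity period. Enter the certificate details, such as common name, location, country/region, etc.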
openssl req -x509 -new -nodes -key ca.key -sha256 -days 1825 -out ca.crt

## Create the server private key
openssl genrsa -out server.key 2048

## Generate the CSR using the private key
openssl req -new -key server.key -out server.csr

## Use ca.key, ca.crt and server.csr to generate the server SSL certificate
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 10000

## Output similar to the following appears
Signature ok
subject=/C=CN/L=Default City/O=devops/CN=jenkins.devops.com
Getting CA Private Key
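
Added example (not part of the original article): current browsers match the host name against subjectAltName and ignore CN, and the `openssl x509 -req` step above produces a certificate without one, so this sketch signs the server certificate with a SAN and then checks chain, key match and SAN before any keystore conversion. The CA subject, the 825-day lifetime, the function names and the scratch directory are assumptions of the example.

```shell
#!/bin/sh
# Added example: issue the server certificate with a subjectAltName, then verify it.
# HOST is the CN shown in the article's output; WORK is a scratch directory (assumption).
HOST="jenkins.devops.com"
WORK="$(mktemp -d)"

# $1 = directory, $2 = host name used for CN and subjectAltName.
# x509 -req does not copy CSR extensions by default, so the SAN is passed
# at signing time through -extfile. 825 days is this example's choice.
issue_cert() {
  ( cd "$1" &&
    openssl genrsa -out ca.key 2048 2>/dev/null &&
    openssl req -x509 -new -nodes -key ca.key -sha256 -days 1825 \
      -subj "/O=devops/CN=devops test CA" -out ca.crt &&
    openssl genrsa -out server.key 2048 2>/dev/null &&
    openssl req -new -key server.key -subj "/O=devops/CN=$2" -out server.csr &&
    printf 'subjectAltName=DNS:%s\n' "$2" > san.ext &&
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
      -sha256 -days 825 -extfile san.ext -out server.crt 2>/dev/null &&
    chmod 600 ca.key server.key )
}

# The server certificate must chain to the CA that clients will be told to trust.
chain_ok() { openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1; }

# The private key that goes into the keystore must belong to this certificate.
key_matches() {
  [ "$(openssl pkey -in "$1/server.key" -pubout 2>/dev/null)" = \
    "$(openssl x509 -in "$1/server.crt" -noout -pubkey)" ]
}

# The host name clients connect to must appear in subjectAltName.
san_has() { openssl x509 -in "$1/server.crt" -noout -text | grep -qF "DNS:$2"; }

issue_cert "$WORK" "$HOST" &&
  chain_ok "$WORK" && key_matches "$WORK" && san_has "$WORK" "$HOST" &&
  echo "server.crt: chain, key and SAN checks passed"
```

The three check functions take a directory, so they can also be pointed at the article's own openssl directory to inspect the files generated there.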

Convert SSL Key to PKCS12

openssl pkcs12 -export -out jenkins.p12 \
  -passout 'pass:123456' -inkey server.key \
  -in server.crt -certfile ca.crt -name jenkins.devops.com

Convert PKCS12 to JKS

keytool -importkeystore -srckeystore jenkins.p12 \
  -srcstorepass '123456' -srcstoretype PKCS12 \
  -srcalias jenkins.devops.com -deststoretype JKS \
  -destkeystore jenkins.jks -deststorepass '123456' \
  -destalias jenkins.devops.com

Place JKS in Jenkins Path

mkdir /etc/jenkins
cp jenkins.jks /etc/jenkins/

## Change the ownership and permissions of the keystore and its folder.
chown -R jenkins: /etc/jenkins
chmod 700 /etc/jenkins
chmod 600 /etc/jenkins/jenkins.jks

Modify Jenkins Configuration

If Jenkins was installed via RPM, edit /etc/sysconfig/jenkins and set the HTTPS port, keystore path, and password, then restart Jenkins.

# grep "HTTPS" /etc/sysconfig/jenkins
JENKINS_HTTPS_PORT="8443"
JENKINS_HTTPS_KEYSTORE="/etc/jenkins/jenkins.jks"
JENKINS_HTTPS_KEYSTORE_PASSWORD="123456"

For a test environment running java -jar jenkins.war, you can start Jenkins with the appropriate HTTPS parameters:

#!/bin/bash
export JENKINS_HOME=~/jenkins
nohup java \
  -Dcom.sun.akuma.Daemon=daemonized \
  -Djava.awt.headless=true \
  -jar jenkins.war \
  --httpPort=8080 \
  --httpsPort=8443 \
  --httpsKeyStore=/Users/zeyang/jenkins/jenkins.jks \
  --httpsKeyStorePassword=123456 \
  --httpsListenAddress=0.0.0.0 \
  --debug=9 \
  --handlerCountMax=100 \
  --handlerCountMaxIdle=20 \
  --accessLoggerClassName=winstone.accesslog.SimpleAccessLogger \
  --simpleAccessLogger.format=combined &

Test HTTPS Access

After restarting Jenkins, open https:// :8443 in a browser to verify the SSL configuration.
