Hi JC,

I created the keystore with the self certified key a couple of weeks ago 
when I installed Jenkins, and then generated a CSR. The root/intermediate 
and private key for the machine have been loaded into the same keystore.

Jenkins is currently started with the following command:

java $JAVA_OPTS -jar $JENKINS_HOME/jenkins.war --prefix=$JENKINS_PREFIX \
  --controlPort=$JENKINS_CONTROL_PORT --httpPort=$JENKINS_HTTP_PORT \
  --ajp13Port=$JENKINS_AJP_PORT --httpsPort=$JENKINS_HTTPS_PORT \
  --httpsKeyStore=$KEYSTORE --httpsKeyStorePassword=$KEYSTORE_PASSWORD \
  --logfile=$LOGFILE &

The variables are set as:

export JENKINS_PREFIX="/jenkins"
export JENKINS_HOST="gbrpsr000000408"
export JENKINS_CONTROL_PORT="8001"
export JENKINS_HTTP_PORT="-1"
export JENKINS_HTTPS_PORT=8444
export KEYSTORE=/opt/jenkins/keystore/scmrm.jks
export KEYSTORE_PASSWORD="Key\$t0re"
export JENKINS_AJP_PORT="-1"
export LOGFILE=$JENKINS_HOME/logs/access_`date +"%Y%m-%d"`.log
export JAVA_OPTS="-Djava.awt.headless=true -XX:PermSize=512M -XX:MaxPermSize=2048M -Xmn128M -Xms1024M -Xmx2048M"





On Monday, 25 February 2013 17:20:49 UTC, jcsirot wrote:
>
> Hello David, 
>
> Can you give us more details on how you installed your keystore? Did you 
> have a single keystore containing both self-signed and CA issued 
> certificates? What params did you pass to Jenkins at start-up?
>
> -- 
> JC
>
> On Monday, 25 February 2013 17:11:24 UTC+1, David Doughty wrote:
>>
>> I've been running Jenkins 1.466.12.1 as jenkins on RHEL6.2 (we don't 
>> have root access), under https for a few weeks now, using a self signed 
>> certificate, no problems, other than the issues for end users and 
>> their browsers. We have now been issued an official certificate CA chain 
>> root-intermediate-server from our security team.
>>
>> Now the fun begins...
>>
>> At the moment I don't seem to be able to get Jenkins to recognize the 
>> official certificates at all; it only appears to start up with a keystore 
>> with the self signed certificate present, which is the only certificate 
>> presented to the client browser.
>>
>> https://wiki.jenkins-ci.org/display/JENKINS/Starting+and+Accessing+Jenkins
>> at the bottom of this article it states - If your keystore contains 
>> multiple certificates (e.g. you are using CA signed certificate) Jenkins 
>> might end-up using a incorrect one. In this case you can convert the 
>> keystore to PEM 
>> <http://stackoverflow.com/questions/7528944/convert-ca-signed-jks-keystore-to-pem> 
>> and use following command line options.
>>
>> Yes, we use a CA signed certificate, and I'm not sure how it might decide 
>> to use the incorrect one......
>>
>> So, I've tried the link, which takes me to stackoverflow, and get as far 
>> as java ExportPriv <keystore> <alias> <password> > exported-pkcs8.key 
>> which falls over with a Java null pointer exception....
>>
>> Does anyone else have a similar experience or is this something I have to 
>> work through independently, and why does Jenkins have a problem with 
>> keystores, and why can't it be fixed?
>>
>> thanks
>>
>> dD
>>
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
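Added example (not part of the original thread and not Jenkins project code): a small Python check over `keytool -list -v` output for the multi-certificate keystore situation discussed above. It flags a private key entry that still carries only a self-signed certificate, and a CA-issued certificate stored as a separate trusted entry; the listing, aliases and names are constructed, and the function names are this example's own.

```python
# Added example: audit `keytool -list -v` text for what a TLS server could present.
# SAMPLE_LISTING is constructed; the aliases and names are made up for illustration.
SAMPLE_LISTING = """\
Alias name: jenkins
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=ci.example.test, O=Example
Issuer: CN=ci.example.test, O=Example

Alias name: server
Entry type: trustedCertEntry

Owner: CN=ci.example.test, O=Example
Issuer: CN=Example Intermediate CA, O=Example
"""

FIELDS = ("Entry type", "Certificate chain length", "Owner", "Issuer")

def parse_entries(listing):
    """Return one dict per alias, keeping the first (leaf) Owner/Issuer of each."""
    entries = []
    for line in listing.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == "Alias name":
            entries.append({"alias": value})
        elif entries and key in FIELDS:
            entries[-1].setdefault(key, value)  # later chain certificates are ignored
    return entries

def audit(listing):
    """List reasons this keystore can only offer a self-signed certificate."""
    entries = parse_entries(listing)
    keys = [e for e in entries if e.get("Entry type") == "PrivateKeyEntry"]
    findings = []
    if len(keys) != 1:
        findings.append("%d private key entries; expected exactly 1" % len(keys))
    for e in keys:
        if e.get("Certificate chain length") == "1" and e.get("Owner") == e.get("Issuer"):
            findings.append(e["alias"] + ": key entry holds only a self-signed certificate")
    key_owners = {e.get("Owner") for e in keys}
    for e in entries:
        # A trustedCertEntry has no private key, so a server cannot present it.
        if (e.get("Entry type") == "trustedCertEntry" and e.get("Owner") in key_owners
                and e.get("Owner") != e.get("Issuer")):
            findings.append(e["alias"] + ": CA-issued certificate stored without the private key")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_LISTING)))
```

To check a real keystore, pass the text printed by `keytool -list -v -keystore <file>` to `audit()` in place of the sample.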