
The IT team sent me a "cert.pfx" SSL certificate file to use for our "subdomain.domain.com" web site.

I have to add this SSL cert to Jenkins and, as far as I know, it uses *.jks files. But I'm not sure how to convert pfx to jks.

I used the command below. It creates a jks file, but Jenkins gives an error.

keytool -importkeystore -srckeystore mypfxfile.pfx -srcstoretype pkcs12 -destkeystore clientcert.jks -deststoretype JKS  

Any help appreciated.

Thanks!

yatta
    Make sure that you run the above command in this format: 'keytool -importkeystore -srckeystore \atmswvepcert.pfx -srcstoretype pkcs12 -destkeystore \atmswvepcert.jks -deststoretype JKS', and if the latest .jks is generated you can refer to the answer below. – np2807 Dec 01 '20 at 15:23

1 Answer


The above command to generate the .jks from the .pfx looks fine; make sure that you have given a password to your jks file (best practice is to set a password for the .jks file).

The next step is to make sure that %Jenkins_Home%\jenkins.xml has the correct configuration for the .jks file.

Here is an example of the Jenkins HTTPS connection settings:

--httpPort=-1 (To stop Jenkins from listening over plain HTTP)
--httpsPort=8080 (or 8181 or whatever SSL port you want Jenkins to listen on)
--httpsKeyStore="<JavaKeystore_path>\clientcert.jks"
--httpsKeyStorePassword="<cleartext-password-to-keystore>"

After modifying jenkins.xml, restart the Windows Jenkins service; it must be running.

np2807
  • I exactly tried this one but it throws the error below; Caused: java.io.IOException: Failed to start a listener: winstone.HttpsConnectorFactory at winstone.Launcher.spawnListener(Launcher.java:218) at winstone.Launcher.(Launcher.java:178) at winstone.Launcher.main(Launcher.java:359) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) – yatta Dec 05 '20 at 23:58
  • @yatta but is the Jenkins service running correctly? Also, please make sure that you have the right version of Java, compliant with the Jenkins LTS version (in my case it gave a problem because of an old Java version). – np2807 Dec 07 '20 at 11:17
  • Yes, the service is running, but the GUI is not working. I don't know how to check Java compliance for the Jenkins LTS version. – yatta Dec 07 '20 at 21:27
  • You have to add the domain.com certificate to JavaKeystore as well: https://stackoverflow.com/questions/3685548/java-keytool-easy-way-to-add-server-cert-from-url-port. You can see the discussion in the link; my solution is to establish the HTTPS connection in Jenkins with the .jks file. – np2807 Dec 08 '20 at 07:30
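
One way to script the conversion discussed above and confirm that the resulting .jks actually holds a private key entry before jenkins.xml points at it. This is an added example, not part of the original thread; the PFX_PASS and JKS_PASS environment variables, the script's argument order and the sample listing are assumptions, and it is written for a POSIX shell (the keytool arguments are the same from a Windows prompt).

```shell
# Added example (not from the original thread). PFX_PASS / JKS_PASS and the
# file names passed as arguments are assumptions for illustration.

# Convert the PFX to JKS non-interactively. Passwords are read from the
# environment (keytool's :env modifier) so they stay off the command line, and
# the key password is set to the same value as the store password, since the
# jenkins.xml settings above pass only a keystore password.
pfx_to_jks() {  # usage: pfx_to_jks in.pfx out.jks
    keytool -importkeystore \
        -srckeystore "$1" -srcstoretype pkcs12 -srcstorepass:env PFX_PASS \
        -destkeystore "$2" -deststoretype JKS \
        -deststorepass:env JKS_PASS -destkeypass:env JKS_PASS
}

# Read `keytool -list -v` output on stdin and print one line per entry:
#   alias|entry type|certificate chain length
# Exit status is 0 only if at least one PrivateKeyEntry is present; a keystore
# holding only trustedCertEntry items has no key for an HTTPS listener to use.
summarize_listing() {
    awk -F': ' '
        function emit() { if (alias != "") print alias "|" type "|" chain }
        /^Alias name: /               { emit(); alias = $2; type = "?"; chain = 0 }
        /^Entry type: /               { type = $2; if (type == "PrivateKeyEntry") found = 1 }
        /^Certificate chain length: / { chain = $2 }
        END { emit(); exit(found ? 0 : 1) }
    '
}

# Constructed, abridged sample of `keytool -list -v` output for offline testing.
sample_listing() {
    cat <<'EOF'
Keystore type: JKS

Alias name: 1
Creation date: Dec 1, 2020
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=subdomain.domain.com
EOF
}

# Runs only when called with two arguments, e.g.: sh pfx2jks.sh cert.pfx clientcert.jks
if [ "$#" -eq 2 ]; then
    pfx_to_jks "$1" "$2" &&
    keytool -list -v -keystore "$2" -storepass:env JKS_PASS | summarize_listing ||
    { echo "conversion failed or no PrivateKeyEntry in $2" >&2; exit 1; }
fi
```

A chain length of 1 in the summary means only the server certificate was in the PFX, without the intermediate certificates.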