Child pages
  • Running Jenkins with native SSL / HTTPS
Skip to end of metadata
Go to start of metadata

If you are running on Linux, you should consider simply putting a reverse proxy in front or using one of these guides instead:

If you are running on Windows, you should consider simply putting a reverse proxy in front or using one of these guides instead:

Generate SSL Certificate and convert into JKS keystore

You will need to generate a valid SSL certificate for your jenkins server.  This could be a self-signed cert, or one issued by a CA.  How you get this cert is outside the scope of this page/document, but this assumes you are on Windows and therefore you have some kind of *.pfx or PKCS based certificate file.

You can convert your certificate (and chain file) into a JKS using the Java keytool command (obviously replace 'example.com' with your actual FQDN:

keytool -importkeystore -srckeystore <path-to-cert-file.pfx> -srcstoretype pkcs12 -destkeystore jenkins.example.com.jks -deststoretype JKS

Configure Jenkins to use HTTPS and the JKS keystore

Copy your Jenkins *.jks keystore file to your Jenkins server.  You can put the keystore file into your JENKINS_HOME folder for convenience.

Edit the jenkins.xml file (installed into %PROGRAMFILES{x86)%/Jenkins/jenkins.xml by default on Windows) and change the following arguments being passed to java when launching jenkins:

--httpPort=-1  (to stop Jenkins from listening over plain HTTP)
--httpsPort=443  (or 8443 or whatever SSL port you want Jenkins to listen on)
--httpsKeyStore="%JENKINS_HOME%\jenkins.example.com.jks"
--httpsKeyStorePassword="<cleartext-password-to-keystore>"

Private key and JKS keystore passwords

When creating the JKS keystore, the destination keystore password (e.g. JKS) must match the source keystore password (e.g. the password for the .pfx).


  • No labels