Tag Archives: Java Security

Managing SSL for Jenkins with Sectigo Certificates

At VMSoft, I manage a Jenkins instance that uses SSL. To configure SSL using a certificate issued by Sectigo (in my case), the supplied .crt and .key files must be imported into a keystore, which is then passed as a Jenkins startup parameter.

The process of creating a keystore from the .crt and .key files involves using the openssl command-line utility to create a PKCS#12 file:

openssl pkcs12 -export -in <file_name>.crt -inkey <file_name>.key -out jenkins.p12

Next, convert the resulting .p12 file to a .jks file using the keytool utility, which comes bundled with the JDK:

keytool -importkeystore -srckeystore jenkins.p12 -srcstoretype PKCS12 -destkeystore jenkins.jks -deststoretype JKS

Finally, make Jenkins aware that you want to use HTTPS by editing the jenkins.xml configuration file. Modify the jenkins.war command-line arguments by appending the following:

--httpPort=-1 --httpsPort=8443 --httpsKeyStore=<path_to_key_store_file> --httpsKeyStorePassword=<key_store_password>

Note: If your Jenkins instance fails to start, check the error log. If you see an error like:

java.security.UnrecoverableKeyException: Cannot recover key

ensure that the password you provided during the creation of both the PKCS#12 file and the .jks file is the same. Inconsistent passwords can cause this error.