At VMSoft, I manage a Jenkins instance that uses SSL. To configure SSL using a certificate issued by Sectigo (in my case), the supplied .crt and .key files must be imported into a keystore, which is then passed as a Jenkins startup parameter.
The process of creating a keystore from the .crt and .key files involves using the openssl command-line utility to create a PKCS#12 file:
openssl pkcs12 -export -in <file_name>.crt -inkey <file_name>.key -out jenkins.p12 |
Next, convert the resulting .p12 file to a .jks file using the keytool utility, which comes bundled with the JDK:
keytool -importkeystore -srckeystore jenkins.p12 -srcstoretype PKCS12 -destkeystore jenkins.jks -deststoretype JKS |
Finally, make Jenkins aware that you want to use HTTPS by editing the jenkins.xml configuration file. Modify the jenkins.war command-line arguments by appending the following:
--httpPort=-1 --httpsPort=8443 --httpsKeyStore=<path_to_key_store_file> --httpsKeyStorePassword=<key_store_password> |
Note: If your Jenkins instance fails to start, check the error log. If you see an error like:
java.security.UnrecoverableKeyException: Cannot recover key |
ensure that the password you provided during the creation of both the PKCS#12 file and the .jks file is the same. Inconsistent passwords can cause this error.