Tag Archives: keytool

Managing SSL for Jenkins with Sectigo Certificates

At VMSoft, I manage a Jenkins instance that uses SSL. To configure SSL using a certificate issued by Sectigo (in my case), the supplied .crt and .key files must be imported into a keystore, which is then passed as a Jenkins startup parameter.

The process of creating a keystore from the .crt and .key files involves using the openssl command-line utility to create a PKCS#12 file:

openssl pkcs12 -export -in <file_name>.crt -inkey <file_name>.key -out jenkins.p12

Next, convert the resulting .p12 file to a .jks file using the keytool utility, which comes bundled with the JDK:

keytool -importkeystore -srckeystore jenkins.p12 -srcstoretype PKCS12 -destkeystore jenkins.jks -deststoretype JKS

Finally, make Jenkins aware that you want to use HTTPS by editing the jenkins.xml configuration file. Modify the jenkins.war command-line arguments by appending the following:

--httpPort=-1 --httpsPort=8443 --httpsKeyStore=<path_to_key_store_file> --httpsKeyStorePassword=<key_store_password>

Note: If your Jenkins instance fails to start, check the error log. If you see an error like:

java.security.UnrecoverableKeyException: Cannot recover key

ensure that the password you provided during the creation of both the PKCS#12 file and the .jks file is the same. Inconsistent passwords can cause this error.

Get Android Studio debug certificate fingerprints on Windows

Here is a small batch file that will retrieve Android Studio debug certificate fingerprints. Make sure that keytool.exe is in your %PATH%

@echo off
keytool -list -v -keystore "%USERPROFILE%\.android\debug.keystore" -alias androiddebugkey -storepass android -keypass android
pause

Copy / paste the a bough commands in an empty file and save it with a .bat extension.

Android Studio debug certificate fingerprints

Android Studio debug certificate fingerprints