Tag Archives: ssl

Managing SSL for Jenkins with Sectigo Certificates

At VMSoft, I manage a Jenkins instance that uses SSL. To configure SSL using a certificate issued by Sectigo (in my case), the supplied .crt and .key files must be imported into a keystore, which is then passed as a Jenkins startup parameter.

The process of creating a keystore from the .crt and .key files involves using the openssl command-line utility to create a PKCS#12 file:

openssl pkcs12 -export -in <file_name>.crt -inkey <file_name>.key -out jenkins.p12

Next, convert the resulting .p12 file to a .jks file using the keytool utility, which comes bundled with the JDK:

keytool -importkeystore -srckeystore jenkins.p12 -srcstoretype PKCS12 -destkeystore jenkins.jks -deststoretype JKS

Finally, make Jenkins aware that you want to use HTTPS by editing the jenkins.xml configuration file. Modify the jenkins.war command-line arguments by appending the following:

--httpPort=-1 --httpsPort=8443 --httpsKeyStore=<path_to_key_store_file> --httpsKeyStorePassword=<key_store_password>

Note: If your Jenkins instance fails to start, check the error log. If you see an error like:

java.security.UnrecoverableKeyException: Cannot recover key

ensure that the password you provided during the creation of both the PKCS#12 file and the .jks file is the same. Inconsistent passwords can cause this error.
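
The two keystore steps above as one script, added here as an example (it is not the author's own): it checks that the certificate and key belong together, then uses a single password for the PKCS#12 file, the JKS store and the key entry, which is the condition the UnrecoverableKeyException note describes. The function names, the KS_PASS variable and the jenkins alias are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not the author's script. Assumes openssl and keytool are on
# PATH, the private key is unencrypted PEM, and KS_PASS holds the keystore
# password (keytool requires at least 6 characters).

# Succeeds only if the certificate's public key matches the private key.
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$crt_pub" = "$key_pub" ]
}

# build_jenkins_keystore <crt> <key> <out_dir>
# Writes jenkins.p12 and jenkins.jks into <out_dir>; nonzero on any failure.
build_jenkins_keystore() {
    crt=$1; key=$2; out=$3
    [ -n "${KS_PASS:-}" ] || { echo "KS_PASS is not set" >&2; return 1; }
    export KS_PASS

    cert_matches_key "$crt" "$key" || {
        echo "certificate and private key do not match" >&2
        return 2
    }

    # Start clean: keytool would merge into an existing destination keystore.
    rm -f "$out/jenkins.p12" "$out/jenkins.jks"

    # One password (KS_PASS) protects the PKCS#12 file ...
    openssl pkcs12 -export -in "$crt" -inkey "$key" -name jenkins \
        -out "$out/jenkins.p12" -passout env:KS_PASS || return 3

    # ... and the same one protects the JKS store and the key inside it.
    keytool -importkeystore -noprompt \
        -srckeystore "$out/jenkins.p12" -srcstoretype PKCS12 \
        -srcstorepass:env KS_PASS -srcalias jenkins \
        -destkeystore "$out/jenkins.jks" -deststoretype JKS \
        -deststorepass:env KS_PASS -destkeypass:env KS_PASS || return 4

    # Confirm the store opens with KS_PASS and holds a private key entry.
    keytool -list -keystore "$out/jenkins.jks" -storepass:env KS_PASS \
        -alias jenkins | grep -q PrivateKeyEntry || return 5
    chmod 600 "$out/jenkins.p12" "$out/jenkins.jks"
}
```

Point --httpsKeyStore at the resulting jenkins.jks and pass the same password as --httpsKeyStorePassword.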

TortoiseGIT Disconnected: No supported authentication methods available (server sent: publickey)

After migrating to SSH authentication for my Bitbucket repo (one of the reasons for doing that was to be able to mirror my repo on my home server, article on that topic coming soon), the TortoiseGIT Windows client stopped working. It was unable to do pulls and pushes and all other functionality related to connecting to the remote GIT. Android Studio and other IDEs and tools I use on a daily basis, including the git command-line client, were working properly.


TortoiseGIT uses Pageant (part of the PuTTY toolset) to manage its authentication keys. Because I have already generated the public/private key pair using ssh-keygen, all I needed to do was make Pageant aware of them.

For this, PuTTYgen (part of the PuTTY toolset) should be used.


Load the key in PuTTYgen (you will be prompted for the password during the loading process) and leave the default settings. If the import was successful, you will get a message telling you so.


Then click the ‘Save private key’ button and save your private key in PuTTY's default .ppk format. Fire up Pageant and load your newly created key.


Now pulls, pushes and all other functionality related to connecting to the remote GIT should work as expected.


NOTE: Pageant should be started prior to using TortoiseGIT; otherwise you will get the same error message again.