Install SSL Certificates on Jenkins


Want to secure your Jenkins environment and protect sensitive data? Learn how to install SSL certificates on Jenkins and enhance the security of your continuous integration and continuous delivery processes.


Introduction

Jenkins is an open-source automation server that is used for building, testing, and deploying software applications. In order to secure the communication between the server and clients and ensure trust between them, it is recommended to install SSL certificates on Jenkins. In this guide, we will cover the steps to install SSL certificates on Jenkins for Ubuntu, RHEL9, and CentOS9 operating systems.


Step 1: Generate a Self-Signed SSL Certificate

Create a new SSL directory for Jenkins:

				
					$ sudo mkdir /etc/ssl/jenkins
				
			

Generate a new self-signed SSL certificate using the openssl command:

				
					$ sudo openssl req -newkey rsa:2048 -nodes -keyout /etc/ssl/jenkins/jenkins.key -x509 -days 365 -out /etc/ssl/jenkins/jenkins.crt
				
			

This command generates a new private key and a self-signed SSL certificate with a validity period of 365 days. The private key is saved to /etc/ssl/jenkins/jenkins.key, and the SSL certificate is saved to /etc/ssl/jenkins/jenkins.crt. Because of the -nodes option, the private key is written unencrypted, so file permissions are its only protection.

Inspect the generated SSL certificate by running the following command:

				
					$ sudo openssl x509 -in /etc/ssl/jenkins/jenkins.crt -noout -text
				
			

This command displays the details of the SSL certificate.

Step 2: Configure Jenkins to Use the Self-Signed SSL Certificate

Open the Jenkins configuration file with a text editor. The file is /etc/default/jenkins on Ubuntu and /etc/sysconfig/jenkins on RHEL9 or CentOS9:

For Ubuntu

Run the following command:

				
					$ sudo vim /etc/default/jenkins
				
			

For RHEL9 or CentOS9

Run the following command:

				
					$ sudo vim /etc/sysconfig/jenkins
				
			

Add the following line to the end of the file.

				
					JENKINS_ARGS="--httpPort=-1 --httpsPort=8083 --httpsCertificate=/etc/ssl/jenkins/jenkins.crt --httpsPrivateKey=/etc/ssl/jenkins/jenkins.key"
				
			

This configuration instructs Jenkins to use SSL with the provided certificate and private key. Save and close the file.

Restart the Jenkins service for the changes to take effect:

				
					$ sudo systemctl restart jenkins

				
			

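Verify that Jenkins is running on the HTTPS port by visiting https://<your-server-ip>:8083 in a web browser. Because the certificate is self-signed, the browser will show a trust warning until the certificate is explicitly trusted.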

Step 3: Generate a Non-Self-Signed SSL Certificate

  • Generate a new private key and a Certificate Signing Request (CSR) using the openssl command:
				
					$ sudo openssl req -new -newkey rsa:2048 -nodes -keyout jenkins.key -out jenkins.csr
				
			

This command generates a new private key and a CSR. The private key is saved to jenkins.key, and the CSR is saved to jenkins.csr.

  • Submit the CSR to a certificate authority (CA) to obtain a signed certificate. The process may vary depending on the CA.
  • Once you have obtained the signed certificate, save it to a file named jenkins.crt.
  • Concatenate the certificate chain to the jenkins.crt file. The certificate chain consists of the signed certificate and any intermediate certificates provided by the CA. Save the concatenated file to jenkins-bundle.crt.
				
					$ cat jenkins.crt intermediate.crt > jenkins-bundle.crt
				
			

Copy the private key, the certificate, and the bundle into the /etc/ssl/jenkins directory:

					$ sudo mkdir -p /etc/ssl/jenkins
					$ sudo cp jenkins.key /etc/ssl/jenkins
					$ sudo cp jenkins.crt /etc/ssl/jenkins
					$ sudo cp jenkins-bundle.crt /etc/ssl/jenkins


Step 4: Configure Jenkins to Use the Non-Self-Signed SSL Certificate

Open the Jenkins configuration file with a text editor. The file is /etc/default/jenkins on Ubuntu and /etc/sysconfig/jenkins on RHEL9 or CentOS9:

For Ubuntu

Run the following command:

				
					$ sudo vim /etc/default/jenkins
				
			

For RHEL9 or CentOS9

Run the following command:

				
					$ sudo vim /etc/sysconfig/jenkins
				
			

Add the following line at the end of the file:

				
					JENKINS_ARGS="--httpPort=-1 --httpsPort=8083 --httpsCertificate=/etc/ssl/jenkins/jenkins.crt --httpsPrivateKey=/etc/ssl/jenkins/jenkins.key --httpsKeyStore=/etc/ssl/jenkins/jenkins-bundle.crt"
				
			

This configuration instructs Jenkins to use SSL with the provided certificate, private key, and certificate chain. Save and close the file.

Restart the Jenkins service for the changes to take effect:

				
					$ sudo systemctl restart jenkins
				
			

Verify that Jenkins is running on the HTTPS port by visiting https://<your-server-ip>:8083 in a web browser.


Best Practices

Here are some best practices to follow when using SSL certificates with Jenkins:

  • Use a non-self-signed SSL certificate issued by a trusted CA so that clients can verify the server's identity without manually trusting the certificate.
  • Keep your SSL certificate and private key files in a secure location and protect them with appropriate permissions to prevent unauthorized access.
  • Renew your SSL certificate before it expires to prevent any service interruptions.
  • Configure your Jenkins server to use HTTPS by default to ensure that all connections are secure.
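
The practices above (restricted key permissions, renewal before expiry) and the file layout from Steps 1 to 4 can be checked before restarting Jenkins. The script below is an added example, not part of the original guide or of Jenkins; the function names and the 30-day renewal threshold are assumptions.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks for the files this guide installs.
# Function names are illustrative; they are not part of Jenkins or OpenSSL.

# Succeeds only if KEY and the first certificate in CERT share a public key.
key_matches_cert() {  # usage: key_matches_cert KEY CERT
    local kpub cpub
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$kpub" = "$cpub" ]
}

# Succeeds if CERT is still valid DAYS days from now (default 30).
cert_valid_for_days() {  # usage: cert_valid_for_days CERT [DAYS]
    openssl x509 -in "$1" -noout -checkend "$(( ${2:-30} * 86400 ))" >/dev/null 2>&1
}

# Succeeds if KEY grants no permissions to group or others (e.g. mode 600).
key_is_private() {  # usage: key_is_private KEY
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Runs every check against DIR (default /etc/ssl/jenkins); returns the failure count.
preflight() {
    local dir="${1:-/etc/ssl/jenkins}" fails=0
    key_matches_cert "$dir/jenkins.key" "$dir/jenkins.crt" \
        || { echo "FAIL: jenkins.key does not match jenkins.crt (or is unreadable)"; fails=$((fails + 1)); }
    cert_valid_for_days "$dir/jenkins.crt" 30 \
        || { echo "FAIL: jenkins.crt expires within 30 days (or is unreadable)"; fails=$((fails + 1)); }
    key_is_private "$dir/jenkins.key" \
        || { echo "FAIL: jenkins.key is accessible to group or others"; fails=$((fails + 1)); }
    # Only Step 3 creates a bundle; its first certificate must be the server's own.
    if [ -f "$dir/jenkins-bundle.crt" ]; then
        key_matches_cert "$dir/jenkins.key" "$dir/jenkins-bundle.crt" \
            || { echo "FAIL: first certificate in jenkins-bundle.crt is not the server certificate"; fails=$((fails + 1)); }
    fi
    [ "$fails" -eq 0 ] && echo "OK: $dir passed all checks"
    return "$fails"
}

# Run as: sudo bash preflight.sh /etc/ssl/jenkins
[ "$#" -eq 0 ] || preflight "$1"
```

Because `openssl x509` reads only the first certificate in a file, the bundle check fails when intermediate.crt was concatenated ahead of jenkins.crt.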

Conclusion

In this guide, we’ve shown you how to install SSL certificates on Jenkins for Ubuntu, RHEL9, and CentOS9 operating systems. By following these steps, you can secure your Jenkins connections and protect your data from unauthorized access. Remember to follow best practices and keep your SSL certificate files secure and up-to-date to ensure that your connections remain secure.
