top of page

How to Secure Your Jenkins Server with HTTPS: A Step-by-Step Guide


Jenkins HTTPS

Jenkins is a powerful automation server widely used for continuous integration and continuous deployment (CI/CD) processes. Securing Jenkins with HTTPS is essential for protecting sensitive data transmitted over the network. In this guide, we'll walk through the process of enabling HTTPS on Jenkins using OpenSSL, including the necessary command outputs.


Prerequisites

Before starting, ensure you have:


  1. Access to the server hosting Jenkins.

  2. Root or sudo privileges.

  3. OpenSSL installed on the server.


Step 1: Generate SSL Certificate


The first step is to generate a self-signed SSL certificate using OpenSSL. Execute the following command:

[root@siddhesh ~]# openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem
Generating a 2048 bit RSA private key
.....+++
.....................................................+++
writing new private key to 'key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Maharashtra
Locality Name (eg, city) [Default City]:Mumbai
Organization Name (eg, company) [Default Company Ltd]:Builddevops Ltd
Organizational Unit Name (eg, section) []:DevOps
Common Name (eg, your name or your server's hostname) []:jenkins.builddevops.com
Email Address []:siddhesh@builddevops.com
[root@siddhesh ~]#

You'll be prompted to provide information for the certificate. Fill in the details according to your organization's requirements.


Step 2: Create PKCS12 File


Next, create a PKCS12 file from the generated key and certificate:

[root@siddhesh ~]# openssl pkcs12 -inkey key.pem -in certificate.pem -export -out certificate.p12
Enter Export Password:
Verifying - Enter Export Password:
[root@siddhesh ~]#

Set an export password when prompted, and verify it.


Step 3: Import Certificate to Keystore


Import the PKCS12 file into a Java keystore (JKS) using the keytool command:

[root@siddhesh ~]# keytool -importkeystore -srckeystore ./certificate.p12 -srcstoretype pkcs12 -destkeystore jenkinsbuilddevops.jks -deststoretype JKS
Importing keystore ./certificate.p12 to jenkinsbuilddevops.jks...
Enter destination keystore password:
Re-enter new password:
Enter source keystore password:
Entry for alias 1 successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled
[root@siddhesh ~]#

You'll need to enter the destination keystore password and the source keystore password.


Step 4: Move Keystore to Jenkins Directory


Copy the generated keystore file to the Jenkins directory:

[root@siddhesh ~]# cp -pav jenkinsbuilddevops.jks /var/lib/jenkins/
‘jenkinsbuilddevops.jks’ -> ‘/var/lib/jenkins/jenkinsbuilddevops.jks’
[root@siddhesh ~]# chown jenkins:jenkins /var/lib/jenkins/jenkinsbuilddevops.jks
[root@siddhesh ~]#

Step 5: Set Jenkins HTTPS Configuration


Modify the Jenkins service configuration to enable HTTPS. Edit the Jenkins service file:

[root@siddhesh ~]# grep '^Environment="JENKINS_HTTPS' /usr/lib/systemd/system/jenkins.service
Environment="JENKINS_HTTPS_PORT=9090"
Environment="JENKINS_HTTPS_KEYSTORE=/var/lib/jenkins/jenkinsbuilddevops.jks"
Environment="JENKINS_HTTPS_KEYSTORE_PASSWORD=P@ssw0rd"
[root@siddhesh ~]#

Ensure the environment variables are correctly set with the appropriate paths and passwords.


Step 6: Reload and Restart Jenkins Service


Reload the systemd daemon and restart the Jenkins service:

[root@siddhesh ~]# systemctl daemon-reload
[root@siddhesh ~]# systemctl restart jenkins.service

Following these steps, you've successfully enabled HTTPS on Jenkins i.e https://<IPADDRESS>:9090, ensuring secure communication between Jenkins and clients. This setup enhances the security of your CI/CD workflows by encrypting data transmitted over the network.


2 Comments

Rated 0 out of 5 stars.
No ratings yet

Add a rating
Guest
Apr 08
Rated 4 out of 5 stars.

Very Well Explained !!!!!

Like

Guest
Apr 03
Rated 5 out of 5 stars.
Like
bottom of page