These instructions use Jenkins 1.595 from the Jenkins Yum repository http://pkg.jenkins-ci.org/redhat/.
- Create a certificate for the host with whatever tool you choose. Personally I like XCA but I don't have a PKI system in place.
- Export PKCS12 certificate with chain.
- Convert the PKCS12 certificate to a Java keystore using the following command:
keytool -importkeystore -srckeystore certificate.p12 -srcstoretype PKCS12 -destkeystore jenkinsstore
- Copy the keystore to a permanent location (e.g. /var/lib/jenkins).
- Import your CA certificate into Java cacerts keystore:
keytool -import -file CA.crt -keystore /usr/java/latest/jre/lib/security/cacerts
- Configure /etc/sysconfig/jenkins with the following settings:
JENKINS_JAVA_CMD="/usr/java/latest/bin/java"
JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true -Xrs -Xmx1024m -XX:PermSize=512m -XX:MaxPermSize=512m"
JENKINS_HTTPS_PORT="8843"
JENKINS_HTTPS_KEYSTORE="/var/lib/jenkins/jenkinsstore"
JENKINS_HTTPS_KEYSTORE_PASSWORD="thePassword"
JENKINS_HTTPS_LISTEN_ADDRESS="0.0.0.0"
- If you want to use the standard port 443, configure iptables to redirect 443 to 8843 and to block tcp 8080 (the INPUT rule belongs in the filter table, the PREROUTING rule in the nat table):
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j DROP
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8843
- Start Jenkins:
service jenkins start
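
A post-setup check for the configuration above, as an added example that is not part of the original instructions: it reads the settings from a sysconfig-style file and flags a keystore or config file readable beyond its owner, since the private key and the clear-text JENKINS_HTTPS_KEYSTORE_PASSWORD live there. The function names are hypothetical, and JENKINS_PORT (the package's plain-HTTP port, where -1 disables the listener) is an assumption not shown on this page.

```shell
#!/usr/bin/env bash
# Added example: audit the Jenkins HTTPS settings from /etc/sysconfig/jenkins.

# Print the value of KEY=... from a sysconfig-style file (last assignment wins).
sysconfig_get() {
    sed -n 's/^[[:space:]]*'"$2"'="\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# True if the file's mode grants read access to group or to others.
group_or_other_readable() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)" ]
}

# Print one finding per line. Return 0 when there are no findings, 1 otherwise.
audit_jenkins_https() {
    local conf=$1 rc=0 port store http
    port=$(sysconfig_get "$conf" JENKINS_HTTPS_PORT)
    store=$(sysconfig_get "$conf" JENKINS_HTTPS_KEYSTORE)
    http=$(sysconfig_get "$conf" JENKINS_PORT)
    case $port in
        ''|*[!0-9]*) echo "JENKINS_HTTPS_PORT is not set to a port number"; rc=1 ;;
    esac
    if [ -z "$store" ] || [ ! -f "$store" ]; then
        echo "keystore '$store' is missing"; rc=1
    elif group_or_other_readable "$store"; then
        echo "keystore $store holds the private key but is group/other readable"; rc=1
    fi
    # The keystore password is stored in this file in clear text.
    if [ -n "$(sysconfig_get "$conf" JENKINS_HTTPS_KEYSTORE_PASSWORD)" ] &&
       group_or_other_readable "$conf"; then
        echo "$conf contains the keystore password but is group/other readable"; rc=1
    fi
    # Assumption: JENKINS_PORT is the plain-HTTP port and -1 turns the listener off.
    if [ "$http" != "-1" ]; then
        echo "note: plain HTTP listener is enabled; only the firewall rule closes it"
    fi
    return $rc
}
```

Run it as root with `audit_jenkins_https /etc/sysconfig/jenkins`; a non-zero exit status means at least one finding was printed.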