Configuring Jenkins CLI tool with non-TrustStore SSL certificates

If your CloudBees Core or CloudBees Jenkins Distribution instance has been secured with a non-TrustStore SSL certificate, then you may need to configure your local machine running the Jenkins CLI tool, to allow it to successfully communicate with CloudBees Core or CloudBees Jenkins Distribution.

  1. Ensure that the keytool command is running on the machine running the Jenkins CLI tool.

  2. Obtain/download your CloudBees Core’s non-TrustStore SSL certificate directly from the web browser itself - naming it, for example, cloudbees-core.example.com.crt.

    In Firefox, this can be done by doing the following:

    1. Visit your CloudBees Core site.

    2. Click its padlock icon to the left of the URL field.

    3. Click the > to the right of menu:Connection[].

    4. Click menu:More Information[] at the base of the resulting dialog box.

    5. In the resulting Page Info dialog box, ensure the Security tab is selected and click the menu:View Certificate[] button.

    6. On the resulting Certificate Viewer dialog box, click the Details tab and click the menu:Export[] button.

  3. Create a keystore and import this certificate by running the command (changing the values appropriately):

    keytool -import -noprompt -trustcacerts -alias cloudbees-core.example.com -file cloudbees-core.example.com.crt -keystore myKeystore -storepass changeme
  4. Test that the certificate configured in your keystore works and now provides your locally running Jenkins CLI tool access to your CloudBees Core instance by running this command:

    java -Djavax.net.ssl.trustStore=myKeystore -Djavax.net.ssl.trustStorePassword=changeme -jar jenkins-cli.jar -s https://cloudbees-core.example.com/cjoc/ help

    If you receive a list of available Jenkins CLI commands in both cases, then your Jenkins CLI is now working.

  5. Update the alias file/s configured for your Jenkins CLI tool to insert these additional components between java and -jar:

    -Djavax.net.ssl.trustStore=myKeystore -Djavax.net.ssl.trustStorePassword=changeme