Issue
After upgrading my Jenkins instance to a version newer than 2.361.*
, I am unable to start it and I get one of the following exceptions:
Exception in thread "main" java.lang.IllegalArgumentException: Unrecognized option: --httpsPrivateKey
or
Exception in thread "main" java.lang.IllegalArgumentException: Unrecognized option: --httpsCertificate
Explanation
Support for OpenSSL-style PEM-encoded RSA private keys has been removed when running Jenkins with the embedded Jetty (Winstone) container and TLS. Specifically, the --httpsPrivateKey
and --httpsCertificate
flags have been removed in favor of the --httpsKeyStore
flag. The removed flags have printed deprecation warnings since 2016 and were implemented with non-standard APIs that have since been removed from Java 17.
See Changes since 2.361: Winstone 6.1:
at https://www.jenkins.io/doc/upgrade-guide/2.361/#updated-jetty-version, https://github.com/jenkinsci/jenkins/pull/6801, https://github.com/jenkinsci/winstone/pull/232.
In past versions, they were recommended to be used when you wanted to Enable SSL without using a keystore password.
Resolution
The recommendation is to migrate to the --httpsKeyStore
option, which takes a keystore as described in the documentation. As of JEP 229, PKCS12
is the recommended keystore type.