If your CloudBees CI instance has been secured with a non-TrustStore SSL certificate, then you may need to configure your local machine running the Jenkins CLI tool, to allow it to successfully communicate with CloudBees CI.
-
Ensure that the
keytool
command is running on the machine running the Jenkins CLI tool. -
Obtain/download your CloudBees CI’s non-TrustStore SSL certificate directly from the web browser itself - naming it, for example,
cloudbees-ci.example.com.crt
.In Firefox, this can be done by doing the following:
-
Visit your CloudBees CI site.
-
Click its padlock icon to the left of the URL field.
-
Click the > to the right of Connection.
-
Click More Information at the base of the resulting dialog box.
-
In the resulting Page Info dialog box, ensure the Security tab is selected and click the View Certificate button.
-
On the resulting Certificate Viewer dialog box, click the Details tab and click the Export button.
-
-
Create a keystore and import this certificate by running the command (changing the values appropriately):
keytool -import -noprompt -trustcacerts -alias cloudbees-ci.example.com -file cloudbees-ci.example.com.crt -keystore myKeystore -storepass changeme
-
Test that the certificate configured in your keystore works and now provides your locally running Jenkins CLI tool access to your CloudBees CI instance by running this command:
java -Djavax.net.ssl.trustStore=myKeystore -Djavax.net.ssl.trustStorePassword=changeme -jar jenkins-cli.jar -s https://cloudbees-ci.example.com/cjoc/ help
If you receive a list of available Jenkins CLI commands in both cases, then your Jenkins CLI is now working.
-
Update the alias file/s configured for your Jenkins CLI tool to insert these additional components between
java
and-jar
:-Djavax.net.ssl.trustStore=myKeystore -Djavax.net.ssl.trustStorePassword=changeme