Configuring Jenkins CLI tool with non-TrustStore SSL certificates

1 minute readAutomation

If your CloudBees CI instance has been secured with a non-TrustStore SSL certificate, then you may need to configure your local machine running the Jenkins CLI tool, to allow it to successfully communicate with CloudBees CI.

  1. Ensure that the keytool command is running on the machine running the Jenkins CLI tool.

  2. Obtain/download your CloudBees CI’s non-TrustStore SSL certificate directly from the web browser itself - naming it, for example, cloudbees-ci.example.com.crt.

    In Firefox, this can be done by doing the following:

    1. Visit your CloudBees CI site.

    2. Click its padlock icon to the left of the URL field.

    3. Click the > to the right of Connection.

    4. Click More Information at the base of the resulting dialog box.

    5. In the resulting Page Info dialog box, ensure the Security tab is selected and click the View Certificate button.

    6. On the resulting Certificate Viewer dialog box, click the Details tab and click the Export button.

  3. Create a keystore and import this certificate by running the command (changing the values appropriately):

    keytool -import -noprompt -trustcacerts -alias cloudbees-ci.example.com -file cloudbees-ci.example.com.crt -keystore myKeystore -storepass changeme
  4. Test that the certificate configured in your keystore works and now provides your locally running Jenkins CLI tool access to your CloudBees CI instance by running this command:

    java -Djavax.net.ssl.trustStore=myKeystore -Djavax.net.ssl.trustStorePassword=changeme -jar jenkins-cli.jar -s https://cloudbees-ci.example.com/cjoc/ help

    If you receive a list of available Jenkins CLI commands in both cases, then your Jenkins CLI is now working.

  5. Update the alias file/s configured for your Jenkins CLI tool to insert these additional components between java and -jar:

    -Djavax.net.ssl.trustStore=myKeystore -Djavax.net.ssl.trustStorePassword=changeme