I have created a self signed cert for use with Jenkins (Winstone) so
that I can run under SSL:
keytool -v -genkey -alias jenkins -keypass donttell -storepass donttell -keyalg RSA -keystore jenkins.ks

And then I have started Jenkins to run more securely by enabling
only the SSL port (and insuring the AJP port is only accessible
by localhost):
java -jar /var/lib/jenkins/bin/jenkins.war --httpPort=-1 --ajp13port=8009 --ajp13ListenAddress=127.0.0.1 --httpsPort=8443 --httpsKeyStore=/var/lib/jenkins/jenkins.ks --httpsKeyStorePassword=donttell

When attempting to add an OpenID I am directed to the provider,
authenticate, but I'm redirected back to
{{ http://mysite:8080/federatedLoginService/openid/finish... }} instead of
{{ https://mysite:8443/federatedLoginService/openid/finish... }}.

It is highly likely that this cannot be debugged until there is a
resolution to JENKINS-11746 (as hand fixing the URL above results in
an NPE).