• New Feature
    • Resolution: Unresolved
    • Major
    • winstone-jetty
    • None
    • Redhat Linux

      I am trying to start Jenkins using a CA-signed certificate, but I am getting this error:

      Running from: /usr/lib/jenkins/jenkins.war
      Apr 01, 2014 9:56:01 AM winstone.Logger logInternal
      INFO: Winstone shutdown successfully
      Apr 01, 2014 9:56:01 AM winstone.Logger logInternal
      SEVERE: Container startup failed
      java.io.IOException: Failed to start a listener: winstone.HttpsConnectorFactory
      at winstone.Launcher.spawnListener(Launcher.java:209)
      at winstone.Launcher.<init>(Launcher.java:149)
      at winstone.Launcher.main(Launcher.java:354)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:606)
      at Main._main(Main.java:293)
      at Main.main(Main.java:98)
      Caused by: java.io.IOException: DerValue.getBigInteger, not an int 48
      at sun.security.util.DerValue.getBigInteger(DerValue.java:511)
      at winstone.HttpsConnectorFactory.readPEMRSAPrivateKey(HttpsConnectorFactory.java:171)
      at winstone.HttpsConnectorFactory.start(HttpsConnectorFactory.java:90)
      at winstone.Launcher.spawnListener(Launcher.java:207)
      ... 8 more

      OpenSSL was used to generate the key and CSR, then the CA gave us back the cert. What could be causing this error?

      JENKINS_ARGS="--httpsCertificate=/var/lib/jenkins/cert/cci-jenkins_uncc_edu_cert.cer --httpsPrivateKey=/var/lib/jenkins/cert/cci-jenkins.key"

          [JENKINS-22448] Add support for PKCS #8 private keys

          TJ Bryant created issue -

          Oleg Nenashev added a comment -

          Have you tried the resolution on http://serverfault.com/questions/569866/jenkins-wont-serve-with-ca-signed-certificate ?

          TJ Bryant added a comment -

          No I gave up because it was too much trouble. I decided to run Jenkins in tomcat and let apache handle the ssl. That was much easier.


          Daniel Beck added a comment -

          From the Server Fault question, answer, and solution regarding startssl this seems to be an issue with the certificates in a format Java (or maybe Jetty) cannot handle (please correct me if I'm wrong).

          For this reason, and because the reporter has given up on the issue, resolving as Won't Fix as there seems to be little that can be done about it in Jenkins.

          Daniel Beck made changes -
          Resolution New: Won't Fix [ 2 ]
          Status Original: Open [ 1 ] New: Resolved [ 5 ]

          Sudhakar Shanmugam added a comment -

          After updating the renewed SSL cert into the Java keystore for HTTPS auth, Jenkins
          startup failed with the error below. It still works with the old expired SSL cert.
          I have verified the Java keystore and key cert password; I was
          able to list the keystore content and view the content of the .pfx used in the
          keystore using the passwords.

          Please assist to fix this error.

          svmftadm 19916 1 99 05:49 pts/0 00:00:09
          /opt/mft/shared/software/jdk/jdk1.7.0_51/bin/java
          -Djavax.net.ssl.trustStore=/opt/mft/admin/certs/ldapTrustStore
          -Djavax.net.ssl.keyStore=/opt/mft/admin/certs/ldapTrustStore
          -Djavax.net.ssl.keyStorePassword=xyz -jar /opt/mft/jenkins/jenkins.war
          --httpPort=-1 --httpsPort=9443 --httpsKeyStore=/opt/mft/jenkins/jenkins.jks
          --httpsKeyStorePassword=xyz

          lx0001[/opt/mft/jenkins]> cat jenkins.log
          Running from: /apps/mft/jenkins/jenkins.war
          webroot: EnvVars.masterEnvVars.get("JENKINS_HOME")
          Oct 10, 2014 5:36:02 AM winstone.Logger logInternal
          INFO: Beginning extraction from war file
          Oct 10, 2014 5:36:02 AM winstone.Logger logInternal
          INFO: Winstone shutdown successfully
          Oct 10, 2014 5:36:02 AM winstone.Logger logInternal
          SEVERE: Container startup failed
          java.io.IOException: Failed to start a listener: winstone.HttpsConnectorFactory
          at winstone.Launcher.spawnListener(Launcher.java:209)
          at winstone.Launcher.<init>(Launcher.java:149)
          at winstone.Launcher.main(Launcher.java:354)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
          at java.lang.reflect.Method.invoke(Method.java:606)
          at Main._main(Main.java:293)
          at Main.main(Main.java:98)
          Caused by: winstone.WinstoneException: Error getting the SSL context object
          at winstone.HttpsConnectorFactory.getSSLContext(HttpsConnectorFactory.java:218)
          at winstone.HttpsConnectorFactory.createConnector(HttpsConnectorFactory.java:127)
          at winstone.HttpsConnectorFactory.start(HttpsConnectorFactory.java:116)
          at winstone.Launcher.spawnListener(Launcher.java:207)
          ... 8 more

          Daniel Beck added a comment -

          Please direct your requests for assistance somewhere else. This is an issue tracker, not a support forum.


          Paolo Giarrusso added a comment -

          Let me question the analysis by Daniel Beck.

          Is there any evidence that Jenkins supports PEM-formatted keys as claimed? Say, a regression test? The exception is thrown by Jenkins code that implements by hand parsing of key files, and that code has some TODOs that suggest it's not a correctness champion, and there's no link to what spec it is implementing. In fact, it's surprising that Jenkins code implements such low-level certificate parsing instead of using some library.

          https://github.com/jenkinsci/winstone/blob/f42497acd05d2ab69ae40875cfab0f9675777ef4/src/java/winstone/HttpsConnectorFactory.java#L148

          1. Jenkins documents supporting PEM keys.
          2. I have what looks like such a key generated with openssl.
          3. Jenkins fails on that key as documented in this issue.

             --httpsPrivateKey        = the location of the PEM-encoded SSL private key.
                                        (the one that starts with '-----BEGIN RSA PRIVATE KEY-----')

          I created a key with openssl:

          openssl req -nodes -newkey rsa:2048 -keyout kamino.key -out kamino-req.pem -subj $OMITTED

          the file starts with

          -----BEGIN PRIVATE KEY-----
          Paolo Giarrusso made changes -
          Resolution Original: Won't Fix [ 2 ]
          Status Original: Resolved [ 5 ] New: Reopened [ 4 ]
          Paolo Giarrusso made changes -
          Assignee New: Daniel Beck [ danielbeck ]
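
An added illustration, not part of the issue thread or of Winstone's code: the two PEM headers quoted above mark different ASN.1 layouts. A reader that expects PKCS #1 (version INTEGER, then modulus INTEGER) finds tag 48, a SEQUENCE, in second position of a PKCS #8 file, which is consistent with the "not an int 48" in the reported trace. The sample structures are constructed, truncated placeholders, and all helper names are assumptions of this example.

```python
import base64
import re

def tlv(tag, body):
    """Encode one DER element with a definite length."""
    n = len(body)
    if n < 0x80:
        head = bytes([tag, n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        head = bytes([tag, 0x80 | len(raw)]) + raw
    return head + body

def read_tlv(buf, pos=0):
    """Decode the DER element at pos; return (tag, body, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next k bytes hold the length
        k = length & 0x7F
        length = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    return tag, buf[pos:pos + length], pos + length

def to_pem(label, der):
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n"

def classify_private_key(pem_text):
    """Return (format, PEM label, tag of the element after the version INTEGER)."""
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", pem_text, re.S)
    if not m:
        raise ValueError("no PEM block found")
    tag, seq, _ = read_tlv(base64.b64decode(m.group(2)))
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    _, _, pos = read_tlv(seq)              # version INTEGER, present in both formats
    second = seq[pos]                      # 0x02 INTEGER (modulus) or 0x30 SEQUENCE (AlgorithmIdentifier)
    fmt = {0x02: "PKCS#1", 0x30: "PKCS#8"}.get(second, "unknown")
    return fmt, m.group(1), second

# Constructed, truncated structures with placeholder numbers (not usable keys).
VERSION = tlv(0x02, b"\x00")
PKCS1_DER = tlv(0x30, VERSION + tlv(0x02, b"\x00" + b"\xc3" * 128) + tlv(0x02, b"\x01\x00\x01"))
RSA_ALG = tlv(0x30, bytes.fromhex("06092a864886f70d010101") + b"\x05\x00")  # rsaEncryption OID, NULL
PKCS8_DER = tlv(0x30, VERSION + RSA_ALG + tlv(0x04, PKCS1_DER))  # PKCS #1 blob wrapped in OCTET STRING

PKCS1_PEM = to_pem("RSA PRIVATE KEY", PKCS1_DER)
PKCS8_PEM = to_pem("PRIVATE KEY", PKCS8_DER)

if __name__ == "__main__":
    for sample in (PKCS1_PEM, PKCS8_PEM):
        print(classify_private_key(sample))
```
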
