Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-23665

Parameter to select alias of SSL/TLS certificate for Jenkins Web UI, private key password

    • Icon: Improvement Improvement
    • Resolution: Fixed
    • Icon: Minor Minor
    • core
    • None

      One can run Jenkins with HTTPS support by setting the --httpsPort parameter. One can also use the --httpsKeyStore parameter to select the keystore that contains the SSL/TLS certificate that Jenkins (Winstone -> Jetty) should use on the HTTPS port.

      Just if for whatever reason the keystore does contain more than one certificate, it will be somewhat chance which one is chosen. (Might be the first, last, not sure.)

      Jetty (which is the engine used underneath Winstone in recent versions of Jenkins) has a CertAlias property which sets the alias name of the certificate to be used.

      Just right now, there is no way to specify that parameter on the Jenkins command line. I think it would make sense to implement a --httpsCertAlias parameter on the Jenkins command line which will then be passed down to Jetty.

      (On the same subject, there is --httpsKeyStorePassword parameter but no --httpsKeyPassword parameter. This will cause problems if the password of the private key of the keystore is different from the password of the certificates private key, which is a scenario that's even enforced to some extend in newer versions of the JVM keytool tool.)

          [JENKINS-23665] Parameter to select alias of SSL/TLS certificate for Jenkins Web UI, private key password

          As mentioned before, please look at https://github.com/jenkinsci/winstone/pull/16 for the implementation.

          Torsten Schlabach added a comment - As mentioned before, please look at https://github.com/jenkinsci/winstone/pull/16 for the implementation.

          Trying to atttract some attention; maybe I should not have marked this "fixed"?

          Torsten Schlabach added a comment - Trying to atttract some attention; maybe I should not have marked this "fixed"?

          Daniel Beck added a comment -

          Don't mark it resolved before it's merged.

          I don't think anyone but kohsuke can release new winstone versions, so you're probably waiting for him to notice the PR.

          Daniel Beck added a comment - Don't mark it resolved before it's merged. I don't think anyone but kohsuke can release new winstone versions, so you're probably waiting for him to notice the PR.

          There were already some people asking on the dev mailing list for some attention on this, but no luck there either.
          Any further hints welcome.

          Torsten Schlabach added a comment - There were already some people asking on the dev mailing list for some attention on this, but no luck there either. Any further hints welcome.

          Daniel Beck added a comment -

          Kohsuke's traveling this week. I'll try to (remember to) point him to this change at next week's governance meeting.

          Daniel Beck added a comment - Kohsuke's traveling this week. I'll try to (remember to) point him to this change at next week's governance meeting.

          Thx in advance. Would be very helpful.

          Torsten Schlabach added a comment - Thx in advance. Would be very helpful.

          Code changed in jenkins
          User: TorstenS73
          Path:
          src/java/winstone/HttpsConnectorFactory.java
          src/java/winstone/cmdline/Option.java
          http://jenkins-ci.org/commit/winstone/e3434028033c31269157229ff43391a8b29ea828
          Log:
          JENKINS-23665 Parameter to select alias of SSL/TLS certificate for
          Jenkins Web UI, private key password

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: TorstenS73 Path: src/java/winstone/HttpsConnectorFactory.java src/java/winstone/cmdline/Option.java http://jenkins-ci.org/commit/winstone/e3434028033c31269157229ff43391a8b29ea828 Log: JENKINS-23665 Parameter to select alias of SSL/TLS certificate for Jenkins Web UI, private key password

          Code changed in jenkins
          User: Kohsuke Kawaguchi
          Path:
          src/java/winstone/HttpsConnectorFactory.java
          src/java/winstone/cmdline/Option.java
          http://jenkins-ci.org/commit/winstone/a9cd71255b74637f1d0bc227e8d4dee907f3fe0b
          Log:
          Merge pull request #16 from TorstenS73/master

          [FIXED JENKINS-23665] Parameter to select alias ...

          Compare: https://github.com/jenkinsci/winstone/compare/52e94ad4669d...a9cd71255b74

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Kohsuke Kawaguchi Path: src/java/winstone/HttpsConnectorFactory.java src/java/winstone/cmdline/Option.java http://jenkins-ci.org/commit/winstone/a9cd71255b74637f1d0bc227e8d4dee907f3fe0b Log: Merge pull request #16 from TorstenS73/master [FIXED JENKINS-23665] Parameter to select alias ... Compare: https://github.com/jenkinsci/winstone/compare/52e94ad4669d...a9cd71255b74

          Code changed in jenkins
          User: Kohsuke Kawaguchi
          Path:
          changelog.html
          war/pom.xml
          http://jenkins-ci.org/commit/jenkins/a75c3cbacf4b5ca0fbf5a1cad5a18dcedde41d8a
          Log:
          JENKINS-23665 integrated newer version of Winstone

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Kohsuke Kawaguchi Path: changelog.html war/pom.xml http://jenkins-ci.org/commit/jenkins/a75c3cbacf4b5ca0fbf5a1cad5a18dcedde41d8a Log: JENKINS-23665 integrated newer version of Winstone

          dogfood added a comment -

          Integrated in jenkins_main_trunk #3690
          JENKINS-23665 integrated newer version of Winstone (Revision a75c3cbacf4b5ca0fbf5a1cad5a18dcedde41d8a)

          Result = SUCCESS
          kohsuke : a75c3cbacf4b5ca0fbf5a1cad5a18dcedde41d8a
          Files :

          • war/pom.xml
          • changelog.html

          dogfood added a comment - Integrated in jenkins_main_trunk #3690 JENKINS-23665 integrated newer version of Winstone (Revision a75c3cbacf4b5ca0fbf5a1cad5a18dcedde41d8a) Result = SUCCESS kohsuke : a75c3cbacf4b5ca0fbf5a1cad5a18dcedde41d8a Files : war/pom.xml changelog.html

            accountapp Account App Run by Kohsuke
            torstens Torsten Schlabach
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: