Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-23665

Parameter to select alias of SSL/TLS certificate for Jenkins Web UI, private key password

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Resolved (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Component/s: core
    • Labels:
      None
    • Similar Issues:

      Description

      One can run Jenkins with HTTPS support by setting the --httpsPort parameter. One can also use the --httpsKeyStore parameter to select the keystore that contains the SSL/TLS certificate that Jenkins (Winstone -> Jetty) should use on the HTTPS port.

      Just if for whatever reason the keystore does contain more than one certificate, it will be somewhat chance which one is chosen. (Might be the first, last, not sure.)

      Jetty (which is the engine used underneath Winstone in recent versions of Jenkins) has a CertAlias property which sets the alias name of the certificate to be used.

      Just right now, there is no way to specify that parameter on the Jenkins command line. I think it would make sense to implement a --httpsCertAlias parameter on the Jenkins command line which will then be passed down to Jetty.

      (On the same subject, there is --httpsKeyStorePassword parameter but no --httpsKeyPassword parameter. This will cause problems if the password of the private key of the keystore is different from the password of the certificates private key, which is a scenario that's even enforced to some extend in newer versions of the JVM keytool tool.)

        Attachments

          Activity

          Hide
          torstens Torsten Schlabach added a comment -

          Thx in advance. Would be very helpful.

          Show
          torstens Torsten Schlabach added a comment - Thx in advance. Would be very helpful.
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: TorstenS73
          Path:
          src/java/winstone/HttpsConnectorFactory.java
          src/java/winstone/cmdline/Option.java
          http://jenkins-ci.org/commit/winstone/e3434028033c31269157229ff43391a8b29ea828
          Log:
          JENKINS-23665 Parameter to select alias of SSL/TLS certificate for
          Jenkins Web UI, private key password

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: TorstenS73 Path: src/java/winstone/HttpsConnectorFactory.java src/java/winstone/cmdline/Option.java http://jenkins-ci.org/commit/winstone/e3434028033c31269157229ff43391a8b29ea828 Log: JENKINS-23665 Parameter to select alias of SSL/TLS certificate for Jenkins Web UI, private key password
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Kohsuke Kawaguchi
          Path:
          src/java/winstone/HttpsConnectorFactory.java
          src/java/winstone/cmdline/Option.java
          http://jenkins-ci.org/commit/winstone/a9cd71255b74637f1d0bc227e8d4dee907f3fe0b
          Log:
          Merge pull request #16 from TorstenS73/master

          [FIXED JENKINS-23665] Parameter to select alias ...

          Compare: https://github.com/jenkinsci/winstone/compare/52e94ad4669d...a9cd71255b74

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Kohsuke Kawaguchi Path: src/java/winstone/HttpsConnectorFactory.java src/java/winstone/cmdline/Option.java http://jenkins-ci.org/commit/winstone/a9cd71255b74637f1d0bc227e8d4dee907f3fe0b Log: Merge pull request #16 from TorstenS73/master [FIXED JENKINS-23665] Parameter to select alias ... Compare: https://github.com/jenkinsci/winstone/compare/52e94ad4669d...a9cd71255b74
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Kohsuke Kawaguchi
          Path:
          changelog.html
          war/pom.xml
          http://jenkins-ci.org/commit/jenkins/a75c3cbacf4b5ca0fbf5a1cad5a18dcedde41d8a
          Log:
          JENKINS-23665 integrated newer version of Winstone

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Kohsuke Kawaguchi Path: changelog.html war/pom.xml http://jenkins-ci.org/commit/jenkins/a75c3cbacf4b5ca0fbf5a1cad5a18dcedde41d8a Log: JENKINS-23665 integrated newer version of Winstone
          Hide
          dogfood dogfood added a comment -

          Integrated in jenkins_main_trunk #3690
          JENKINS-23665 integrated newer version of Winstone (Revision a75c3cbacf4b5ca0fbf5a1cad5a18dcedde41d8a)

          Result = SUCCESS
          kohsuke : a75c3cbacf4b5ca0fbf5a1cad5a18dcedde41d8a
          Files :

          • war/pom.xml
          • changelog.html
          Show
          dogfood dogfood added a comment - Integrated in jenkins_main_trunk #3690 JENKINS-23665 integrated newer version of Winstone (Revision a75c3cbacf4b5ca0fbf5a1cad5a18dcedde41d8a) Result = SUCCESS kohsuke : a75c3cbacf4b5ca0fbf5a1cad5a18dcedde41d8a Files : war/pom.xml changelog.html

            People

            Assignee:
            accountapp Account App Run by Kohsuke
            Reporter:
            torstens Torsten Schlabach
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: