
Parameter to select alias of SSL/TLS certificate for Jenkins Web UI, private key password

    • Improvement
    • Resolution: Fixed
    • Minor
    • core
    • None

      One can run Jenkins with HTTPS support by setting the --httpsPort parameter. One can also use the --httpsKeyStore parameter to select the keystore that contains the SSL/TLS certificate that Jenkins (Winstone -> Jetty) should use on the HTTPS port.

      But if, for whatever reason, the keystore contains more than one certificate, it is somewhat up to chance which one is chosen. (Might be the first, last, not sure.)

      Jetty (which is the engine used underneath Winstone in recent versions of Jenkins) has a CertAlias property which sets the alias name of the certificate to be used.

      Right now, though, there is no way to specify that parameter on the Jenkins command line. I think it would make sense to implement a --httpsCertAlias parameter on the Jenkins command line which will then be passed down to Jetty.

      (On the same subject, there is a --httpsKeyStorePassword parameter but no --httpsKeyPassword parameter. This will cause problems if the password of the private key of the keystore is different from the password of the certificate's private key, which is a scenario that's even enforced to some extent in newer versions of the JVM keytool tool.)
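A diagnostic for the situation described in this issue, added here as an example (not code from Jenkins, Winstone or the linked pull request): it lists the private-key entries in a keystore and reports whether each key opens with the supplied key password, so an ambiguous alias or a key password that differs from the keystore password shows up before Jenkins is started. The class name KeystoreAliasCheck is hypothetical; the keystore path comes from the command line and both passwords are prompted for.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class name). Usage: java KeystoreAliasCheck <keystore-file>
public class KeystoreAliasCheck {
    public static void main(String[] args) throws Exception {
        Console con = System.console();
        if (args.length != 1 || con == null) {
            System.err.println("usage (interactive terminal): KeystoreAliasCheck <keystore-file>");
            System.exit(2);
        }
        // Prompt instead of taking passwords from argv, where they would show in the process list.
        char[] storePass = con.readPassword("Keystore password: ");
        char[] keyPass = con.readPassword("Key password (empty = same as keystore): ");
        if (keyPass.length == 0) {
            keyPass = storePass;
        }

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass); // fails here if the keystore password is wrong
        }

        int keyEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue; // trusted-certificate entry: cannot serve as the HTTPS identity
            }
            keyEntries++;
            String status;
            try {
                ks.getKey(alias, keyPass);
                status = "key opens with the supplied key password";
            } catch (UnrecoverableKeyException e) {
                status = "key does NOT open with the supplied key password";
            }
            Certificate cert = ks.getCertificate(alias);
            String subject = cert instanceof X509Certificate
                    ? ((X509Certificate) cert).getSubjectX500Principal().getName()
                    : "(non-X.509 certificate)";
            System.out.printf("%s: %s; %s%n", alias, subject, status);
        }
        if (keyEntries > 1) {
            System.out.println("More than one key entry: the certificate served is ambiguous without an alias.");
        }
    }
}
```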

          [JENKINS-23665] Parameter to select alias of SSL/TLS certificate for Jenkins Web UI, private key password

          Torsten Schlabach created issue -

          Torsten Schlabach added a comment - There is an implementation available: https://github.com/jenkinsci/winstone/pull/16
          Oleg Nenashev made changes -
          Assignee New: Torsten Schlabach [ torstens ]
          Oleg Nenashev made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]

          Torsten Schlabach added a comment - As mentioned before, please look at https://github.com/jenkinsci/winstone/pull/16 for the implementation.
          Torsten Schlabach made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: In Progress [ 3 ] New: Resolved [ 5 ]

          Torsten Schlabach added a comment - Trying to attract some attention; maybe I should not have marked this "fixed"?
          Torsten Schlabach made changes -
          Assignee Original: Torsten Schlabach [ torstens ]
          Resolution Original: Fixed [ 1 ]
          Status Original: Resolved [ 5 ] New: Reopened [ 4 ]

          Daniel Beck added a comment - Don't mark it resolved before it's merged. I don't think anyone but kohsuke can release new winstone versions, so you're probably waiting for him to notice the PR.
          Torsten Schlabach made changes -
          Status Original: Reopened [ 4 ] New: Open [ 1 ]

            accountapp Account App Run by Kohsuke
            torstens Torsten Schlabach