Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-68005

Custom Server Certificate drop down always empty

    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Minor Minor
    • logstash-plugin
    • None
    • Jenkins 2.319.2
      Logstash 2.5.0205.vd05825ed46bd

      Hello,

      I am struggling to send build logs to Elasticsearch via direct api. I am able to send logs via logstash, but our elasticsearch cluster uses custom (self signed) certificate, and I do not want to add it to certificate store.

      The drop down option "Custom Server Certificate" seems to be exactly what I need, however I am not able to select any certificate in there, it always shows "None". Even when I "Add"->Jenkins new X.509 certificate, it still shows None aterwards.

       

       

          [JENKINS-68005] Custom Server Certificate drop down always empty

          The code populating the dropdown is here: https://github.com/jenkinsci/logstash-plugin/blob/69624f34bd5ac133d825da8dfca6a11612830763/src/main/java/jenkins/plugins/logstash/configuration/ElasticSearch.java#L233

          I'm not sure why it's not matching the certificate you added. I think it's because it expect a keystore certificate not a x.509 one.
          PR to support x.509 are welcome

          Jakub Bochenski added a comment - The code populating the dropdown is here: https://github.com/jenkinsci/logstash-plugin/blob/69624f34bd5ac133d825da8dfca6a11612830763/src/main/java/jenkins/plugins/logstash/configuration/ElasticSearch.java#L233 I'm not sure why it's not matching the certificate you added. I think it's because it expect a keystore certificate not a x.509 one. PR to support x.509 are welcome

          Markus Winter added a comment - - edited

          My guess is you're using the x509 client certificate option (from the docker commons plugin). That is not supported.

          But Jenkins certificate credentials can be used which requires a pkcs12 formatted file.

          So you need to create a keystore in pkcs12 format and import your x.509 into it. Can be done with:

          keytool -storetype PKCS12 -keystore mystore.pkcs12 -import -alias mycert -file /myx509.crt

          Then upload the file into the credential

          Markus Winter added a comment - - edited My guess is you're using the x509 client certificate option (from the docker commons plugin). That is not supported. But Jenkins certificate credentials can be used which requires a pkcs12 formatted file. So you need to create a keystore in pkcs12 format and import your x.509 into it. Can be done with: keytool -storetype PKCS12 -keystore mystore.pkcs12 - import -alias mycert -file /myx509.crt Then upload the file into the credential

          Petr K added a comment -

          Thank you guys for the support!

          Petr K added a comment - Thank you guys for the support!

            jbochenski Jakub Bochenski
            volvoxglobator Petr K
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: