Reading: Initial Settings
Most Jenkins configuration changes can be made through the Jenkins user interface or through the configuration as code plugin. There are some configuration values that can only be modified while Jenkins is starting. This section describes those settings and how you can use them.

Jenkins initialization can also be controlled by run time parameters passed as arguments. Command line arguments can adjust networking, security, monitoring, and other settings.

Jenkins networking configuration is generally controlled by command line arguments. The networking configuration arguments are:

Runs Jenkins listener on port $HTTP_PORT using standard HTTP protocol. The default is port 8080. To disable (because you're using HTTPS), use port -1. This option does not impact the root URL being generated within Jenkins logic (UI, inbound agent files, and so forth). It is defined by the Jenkins URL specified in the global configuration.

Binds Jenkins to the IP address represented by $HTTP_HOST. The default is 0.0.0.0, i.e. listening on all available interfaces. For example, to only listen for requests from localhost, you could use: --httpListenAddress=127.0.0.1

Uses HTTPS protocol on port $HTTPS_PORT. This option does not impact the root URL being generated within Jenkins logic (UI, inbound agent files, and so forth). It is defined by the Jenkins URL specified in the global configuration.

Binds Jenkins to listen for HTTPS requests on the IP address represented by $HTTPS_HOST.

Uses HTTP/2 protocol on port $HTTP_PORT. This option does not impact the root URL being generated within Jenkins logic (UI, inbound agent files, and so forth). It is defined by the Jenkins URL specified in the global configuration.

Binds Jenkins to listen for HTTP/2 requests on the IP address represented by $HTTPS_HOST.

Runs Jenkins to include the $PREFIX at the end of the URL. For example, set --prefix=/jenkins to make Jenkins accessible at http://myServer:8080/jenkins

Sets the HTTP session timeout value to $SESSION_TIMEOUT minutes. Defaults to what the webapp specifies, and then to 60 minutes.

Other Jenkins initialization configuration is also controlled by command line arguments. The miscellaneous configuration arguments are:

Assigns the password for user $USER. If Jenkins security is enabled, you must log in as a user who has an admin role to configure Jenkins.

Assigns user $USER the admin role. The user can configure Jenkins even if security is enabled in Jenkins. See Securing Jenkins for more information.

Jenkins passes all command line parameters to the Winstone servlet container. More information about Jenkins Winstone command line parameters is available from the Winstone Command Line Parameter Reference.

Some Jenkins behaviors are configured with Java properties. Java properties are set from the command line that started Jenkins. Property assignments use the form -DsomeName=someValue to assign the value someValue to the property named someName. For example, to assign the value true to a property testName, the command line argument would be -DtestName=true. Refer to the detailed list of Jenkins properties for more information.

If you're setting up Jenkins using the built-in Winstone server and want to use an existing certificate for HTTPS:

The keystore should be in JKS format (as created by the JDK 'keytool') and the keystore and target key must have the same password. (Placing the keystore arguments after Jenkins-specific parameters does not seem to work; either they are not forwarded to Winstone or Winstone ignores them coming after unknown parameters. So, make sure they are adjacent to the working --httpsPort argument.)

If your keystore contains multiple certificates (e.g. you are using a CA-signed certificate), Jenkins might end up using the wrong one. In this case you can convert the keystore to PEM and use the following command line options:

The HTTP/2 protocol allows web servers to reduce latency over encrypted connections by pipelining requests, multiplexing requests, and allowing servers to push in some cases before receiving a client request for the data. The Jetty server used by Jenkins supports HTTP/2 with the addition of the Application-Layer Protocol Negotiation (ALPN) TLS extension. The ALPN TLS extension is connected to the specific Jetty version and has specific requirements depending on the Java version.

Note that enabling HTTP/2 implicitly enables TLS even if no HTTPS port is set, and as of Jenkins 2.339 (which uses Winstone 5.23) you also have to specify an HTTPS key store file.

Java 11, Java 8 update 252 and Java 8 versions after update 252 can run the ALPN TLS extension by installing the Jetty ALPN Java server jar and passing it as a Java command line argument. Steps to install the extension are:

1. Identify the Jetty version included in your Jenkins server by searching the Jenkins startup log for the string org.eclipse.jetty.server.Server#doStart. For example: org.eclipse.jetty.server.Server#doStart: jetty-9.4.27.v20200227
2. Locate the Java version on the "System Information" page of "Manage Jenkins" to confirm it is Java 11 or 8u252 (or later)
3. Download the jetty-alpn-java-server with the version number matching the Jetty version bundled with your Jenkins version
4. Place the jetty-alpn-java-server.jar file in a directory accessible to the JVM
5. Add --extraLibFolder=/path/to/extra/lib/folder to the Java command line arguments that start Jenkins

Java 8 update 242 and earlier can run the ALPN TLS extension by installing the Jetty ALPN boot library corresponding to the exact OpenJDK version you are using into the Java boot classpath. Steps to install the extension are:

1. Identify the Java version running your Jenkins server from the "Manage Jenkins" → "System Information" page
2. Find the boot library for your OpenJDK version
3. Download the matching alpn-boot.jar file to a directory accessible to the JVM
4. Add the alpn-boot.jar to the JVM boot classpath by adding -Xbootclasspath/p:/path/to/alpn-boot.jar to the Java command line arguments that start Jenkins

These instructions use a stock Jenkins installation on Windows Server. The instructions assume a certificate signed by a Certificate Authority such as Digicert. If you are making your own certificate, skip steps 3, 4, and 5.

This process utilizes Java's keytool. Use the Java keytool included with your Java installation.

Step 1: Create a new keystore on your server. This will place a 'keystore' file in your current directory.

Step 2: Verify the keystore was created (your fingerprint will vary).

Step 3: Create the certificate request. This will create a 'certreq.csr' file in your current directory.

Step 4: Use the contents of the certreq.csr file to generate a certificate from your certificate provider. Request a SHA-1 certificate (SHA-2 is untested but will likely work). If using DigiCert, download the resulting certificate as other format "a .p7b bundle of all the certs in a .p7b file".

Step 5: Add the resulting .p7b into the keystore you created above.
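As an added example (not part of the Jenkins documentation), the POSIX shell script below applies the Java-version rule from the HTTP/2 ALPN instructions on this page: it reads the Jetty version from a startup log and picks the argument that matches the Java version. The log excerpt is constructed, and the function names and the /opt/jenkins/alpn directory are assumptions.

```sh
#!/bin/sh
# Added example: choose the ALPN setup from the Java version, as the page describes.
# Function names, the sample log and the paths are assumptions for illustration.

# Constructed startup-log excerpt (not real output).
SAMPLE_LOG='2020-03-01 10:15:02.113+0000 [id=1] INFO example.Startup#run: starting (constructed line)
2020-03-01 10:15:03.870+0000 [id=1] INFO org.eclipse.jetty.server.Server#doStart: jetty-9.4.27.v20200227; (constructed line)'

# Print the Jetty version named on the first Server#doStart line read from stdin.
jetty_version_from_log() {
  sed -n 's/.*org\.eclipse\.jetty\.server\.Server#doStart: *jetty-\([0-9][0-9A-Za-z.]*\).*/\1/p' | head -n 1
}

# Map a Java version string to the install method the page gives for it.
alpn_method() {
  case $1 in
    11|11.*) echo extraLibFolder; return 0 ;;
    1.8.0_*) u=${1#1.8.0_} ;;
    8u*)     u=${1#8u} ;;
    *)       echo unknown; return 0 ;;   # versions the page does not cover
  esac
  u=${u%%[!0-9]*}                         # strip build suffixes such as -b09
  if [ -z "$u" ]; then echo unknown
  elif [ "$u" -le 242 ]; then echo bootclasspath
  elif [ "$u" -ge 252 ]; then echo extraLibFolder
  else echo unknown                       # between 242 and 252: not stated on the page
  fi
}

# Print the argument to add for a Java version ($1) and jar directory ($2).
alpn_argument() {
  case $(alpn_method "$1") in
    extraLibFolder) echo "--extraLibFolder=$2" ;;
    bootclasspath)  echo "-Xbootclasspath/p:$2/alpn-boot.jar" ;;
    *) echo "page gives no ALPN steps for Java $1" >&2; return 1 ;;
  esac
}

# Demo on the constructed inputs.
jetty=$(printf '%s\n' "$SAMPLE_LOG" | jetty_version_from_log)
for java in 1.8.0_242 1.8.0_252-b09 11.0.6; do
  echo "Java $java, Jetty $jetty: $(alpn_argument "$java" /opt/jenkins/alpn)"
done
```

The Jetty version printed is the one the downloaded jetty-alpn-java-server jar has to match when the --extraLibFolder method applies.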