Backstory
Recently, during a support incident, we encountered a proxy configuration that we had not yet seen when using Jenkins. In this particular instance, web traffic using SSL (HTTPS) was being intercepted, and a Trusted Root certificate provided by the proxy server was handed to the browser. This configuration left Jenkins unable to use the proxy server, as the cacerts file Jenkins uses was blissfully unaware of the existence of those Trusted Root certificates.
The fix
In order to overcome this issue the following steps were taken:
- Shut down the Jenkins service with Stop-Service jenkins
- Export the Trusted Root certificates from the LocalMachine certificate store to .cer files
- Use keytool to import the Trusted Root certificates into the Java cacerts file.
- Start the Jenkins service with Start-Service jenkins
Code
The following PowerShell script does all of the heavy lifting to quickly overcome this issue:
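[CmdletBinding()]
Param(
    # Folder the matching root certificates are exported to
    [Parameter()]
    [String]
    $ExportPath = 'C:\certs',

    # Start of the certificate's CN, used to select the proxy's root certificates
    [Parameter(Mandatory=$true)]
    [String]
    $CertificateSubjectFilter
)
begin {
    # -ErrorAction SilentlyContinue keeps a missing keytool from writing its own error first
    if(-not (Get-Command keytool -ErrorAction SilentlyContinue)){
        throw "keytool is required for this script to work"
    }
    if(-not (Test-Path $ExportPath)){
        $null = New-Item $ExportPath -ItemType Directory
    }
}
process {
    #Use a counter to increment
    $counter = 1
    # -match takes a regular expression, so the filter is escaped and no trailing * is used;
    # "CN=<filter>" already matches any subject whose CN starts with the filter
    Get-ChildItem Cert:\LocalMachine\Root |
        Where-Object { $_.Subject -match "CN=$([regex]::Escape($CertificateSubjectFilter))" } |
        Foreach-Object {
            Export-Certificate -Cert $_ -Type CERT -FilePath "$ExportPath\$($_.Thumbprint)_$counter.cer"
            $counter++
        }
    # Every .cer file in $ExportPath is imported as a trusted CA, including files that were already there
    Get-ChildItem $ExportPath -Filter *.cer |
        Foreach-Object {
            keytool -import -trustcacerts -alias $($_.BaseName) -keystore 'C:\Program Files (x86)\jenkins\jre\lib\security\cacerts' -file $($_.Fullname) -noprompt -storepass changeit
        }
}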
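Importing a root into cacerts is a trust decision, so it is worth confirming what was actually added. The following audit function is an added example, not part of the original post: the name Test-JenkinsTrustedRoot is hypothetical, and its default paths and store password are assumed to be the ones used in the script above.

```powershell
# Added example: report on each exported .cer file and whether it is in the Java truststore.
function Test-JenkinsTrustedRoot {
    [CmdletBinding()]
    Param(
        [String]$ExportPath = 'C:\certs',   # assumed: same folder as the script above
        [String]$KeyStore   = 'C:\Program Files (x86)\jenkins\jre\lib\security\cacerts',
        [String]$StorePass  = 'changeit'    # assumed: the default password used above
    )
    $sha256 = [System.Security.Cryptography.SHA256]::Create()
    Get-ChildItem $ExportPath -Filter *.cer | ForEach-Object {
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $_.FullName

        # Fingerprints in keytool's colon-separated form.
        # Older JREs print the SHA1 fingerprint, newer ones print SHA-256, so check both.
        $fpSha1   = $cert.Thumbprint -replace '(..)(?!$)', '$1:'
        $fpSha256 = [BitConverter]::ToString($sha256.ComputeHash($cert.RawData)) -replace '-', ':'

        # Look the entry up by the alias the import used (the file's base name).
        $listing = & keytool -list -keystore $KeyStore -storepass $StorePass -alias $_.BaseName | Out-String
        $inStore = $listing.Contains($fpSha1) -or $listing.Contains($fpSha256)

        # A certificate fit to act as a trust anchor is marked as a CA and is still valid.
        # Roots without a Basic Constraints extension (old X.509 v1 roots) report IsCA = False.
        $bc = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
        }

        [PSCustomObject]@{
            Alias      = $_.BaseName
            Subject    = $cert.Subject
            SelfSigned = $cert.Subject -eq $cert.Issuer
            IsCA       = [bool]($bc -and $bc.CertificateAuthority)
            Expired    = $cert.NotAfter -lt (Get-Date)
            InKeystore = $inStore
        }
    }
    $sha256.Dispose()
}

Test-JenkinsTrustedRoot | Format-Table -AutoSize
```

Any row whose Subject is not the proxy's root, or where InKeystore is True for a file that was not meant to be trusted, points to an alias that should be removed from the keystore.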