Backstory
Recently, during a support incident, we encountered a proxy configuration that we had not yet seen when using Jenkins. In this particular instance, web traffic using SSL (HTTPS) was being intercepted, and a Trusted Root certificate provided by the proxy server was handed to the browser. This configuration left Jenkins unable to use the proxy server, as the cacerts file Jenkins uses was blissfully unaware of the existence of those Trusted Root certificates.
The fix
In order to overcome this issue the following steps were taken:
- Shut down the Jenkins service with Stop-Service jenkins
- Export the Trusted Root certificates from the LocalMachine certificate store to .cer files
- Use keytool to import the Trusted Root certificates into the Java cacerts file.
- Start the Jenkins service with Start-Service jenkins
Code
The following PowerShell script does all of the heavy lifting to quickly overcome this issue:
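    [CmdletBinding()]
    Param(
        # Folder the matching root certificates are exported to
        [Parameter()]
        [String]
        $ExportPath = 'C:\certs',

        # Text to look for after "CN=" in the certificate subject
        [Parameter(Mandatory=$true)]
        [String]
        $CertificateSubjectFilter
    )

    begin {
        # Without -ErrorAction, a missing keytool writes an error before the throw is reached
        if(-not (Get-Command keytool -ErrorAction SilentlyContinue)){
            throw "keytool is required for this script to work"
        }

        if(-not (Test-Path $ExportPath)){
            $null = New-Item $ExportPath -ItemType Directory
        }
    }

    process {
        # -match takes a regular expression, where a trailing * is a quantifier and not a wildcard.
        # Escape the filter so it is matched literally after "CN=".
        $pattern = "CN=$([regex]::Escape($CertificateSubjectFilter))"

        #Use a counter to increment
        $counter = 1
        Get-ChildItem Cert:\LocalMachine\Root |
            Where-Object { $_.Subject -match $pattern } |
            Foreach-Object {
                Export-Certificate -Cert $_ -Type CERT -FilePath "$ExportPath\$($_.Thumbprint)_$counter.cer"
                $counter++
            }

        # Import each exported certificate into the cacerts file used by Jenkins
        Get-ChildItem $ExportPath -Filter *.cer |
            Foreach-Object {
                keytool -import -trustcacerts -alias $($_.BaseName) -keystore 'C:\Program Files (x86)\jenkins\jre\lib\security\cacerts' -file $($_.Fullname) -noprompt -storepass changeit
            }
    }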
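
Before starting Jenkins again, it is worth confirming that only the intended roots were added to the Java trust store. The following check is an added example, not part of the original script: it compares each exported .cer file against the keystore entry with the same alias. The parameter names $KeyStore and $StorePass are assumptions; the paths and the changeit password are the ones used in the script above.

```powershell
# Added example: confirm every exported root is present in the Java keystore
# and that the stored entry is the same certificate as the file on disk.
[CmdletBinding()]
Param(
    [String]$ExportPath = 'C:\certs',
    [String]$KeyStore   = 'C:\Program Files (x86)\jenkins\jre\lib\security\cacerts',
    [String]$StorePass  = 'changeit'
)

$sha256 = [System.Security.Cryptography.SHA256]::Create()

$results = Get-ChildItem $ExportPath -Filter *.cer | ForEach-Object {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $_.FullName

    # Fingerprints of the file on disk, upper case, no separators.
    $sha1Hex   = $cert.Thumbprint.ToUpper()
    $sha256Hex = [BitConverter]::ToString($sha256.ComputeHash($cert.RawData)) -replace '-', ''

    # For a single alias keytool prints a colon-separated fingerprint;
    # whether it is SHA-1 or SHA-256 depends on the Java version.
    $output = & keytool -list -alias $_.BaseName -keystore $KeyStore -storepass $StorePass 2>&1 | Out-String
    $storeHex = if ($output -match '((?:[0-9A-Fa-f]{2}:){19,}[0-9A-Fa-f]{2})') {
        ($Matches[1] -replace ':', '').ToUpper()
    }

    [PSCustomObject]@{
        Alias    = $_.BaseName
        Subject  = $cert.Subject
        NotAfter = $cert.NotAfter
        InStore  = [bool]$storeHex
        Match    = $storeHex -and ($storeHex -eq $sha1Hex -or $storeHex -eq $sha256Hex)
    }
}

$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Match }) {
    Write-Warning 'One or more exported certificates are missing from the keystore or differ from the file on disk.'
}
```

Reviewing the Subject and NotAfter columns also shows exactly which roots the subject filter selected, since every certificate imported this way becomes trusted by Jenkins.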