Enable HTTPS in Jenkins Using Java Keystore (JKS)

DevOps & Middleware Engineer, Experienced in WebLogic | Jenkins | CI/CD pipelines | .NET MVC and Azure DevOps
Works for: RHEL 7/8/9, Jenkins installed via yum/dnf (/etc/sysconfig/jenkins).

Step 1 — Create a Java Keystore (JKS)

Step 2 — Move Keystore to Jenkins Directory

Step 3 — Edit Jenkins Startup Config

Step 4 — Restart Jenkins

Step 5 — Access Jenkins via HTTPS

✔ Jenkins HTTPS enabled using internal Java Keystore
✔ No Nginx, no Apache
✔ Works on Red Hat Linux with default Jenkins service

To check whether OpenSSL is installed on your Red Hat Linux system, run:

openssl version

If OpenSSL is installed, you’ll see something like:
OpenSSL 1.1.1k  FIPS 25 Mar 2021

If it’s not installed, you’ll get:
bash: openssl: command not found

Install OpenSSL (if missing)

sudo dnf install openssl -y

Next Step: Use OpenSSL to Create PKCS12 for Jenkins

If you have:

  • server.crt

  • server.key

  • (optional) chain.crt

Run:

openssl pkcs12 -export \
 -in server.crt \
 -inkey server.key \
 -certfile chain.crt \
 -out jenkins.p12 \
 -name jenkins

This jenkins.p12 file can then be converted to JKS.

Convert PKCS12 → Java Keystore (JKS) - Use keytool:

keytool -importkeystore \
 -srckeystore jenkins.p12 -srcstoretype PKCS12 \
 -destkeystore jenkins.jks -deststoretype JKS

Then point Jenkins to:

JENKINS_HTTPS_KEYSTORE="/var/lib/jenkins/jenkins.jks"
JENKINS_HTTPS_KEYSTORE_PASSWORD="YOURPASS"

Generate a self‑signed SSL certificate using OpenSSL on Red Hat Linux, and prepare it for Jenkins HTTPS (JKS).

Step 1 — Generate a Private Key

openssl genrsa -out server.key 4096

This creates a 4096‑bit RSA private key.

Step 2 — Generate a Self‑Signed Certificate (valid 10 years)

openssl req -new -x509 -key server.key -out server.crt -days 3650

You will be asked questions like:

Country: IN

State: West Bengal

Locality: Kolkata

Organization: YourCompany

Organizational Unit: IT

Common Name: jenkins.example.com <-- IMPORTANT

Email: admin@example.com

👉 Common Name (CN) must match the hostname you will use in the browser.
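
A pre-flight check for server.crt and server.key before they are packaged in Step 3, as an added example that is not part of the original article: it confirms the key belongs to the certificate, that a subjectAltName entry covers the hostname (current browsers validate the SAN rather than the CN), and that the certificate is not about to expire. The function names and the throwaway sample generator are assumptions, and it needs OpenSSL 1.1.1 or later.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks for the article's server.crt / server.key.
# Function names are hypothetical. Needs OpenSSL 1.1.1+ (-ext, -addext).

# 0 when the certificate and the private key carry the same public key.
key_matches_cert() {
  local from_crt from_key
  from_crt=$(openssl x509 -in "$1" -noout -pubkey) || return 2
  from_key=$(openssl pkey -in "$2" -pubout) || return 2
  [ "$from_crt" = "$from_key" ]
}

# 0 when a subjectAltName DNS entry covers the host. Current browsers
# validate the SAN and ignore the Common Name.
san_covers_host() {
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
    grep -q 'DNS:' || return 1
  openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 |
    grep -q 'does match certificate'
}

# 0 when the certificate is still valid N days from now (default 30).
valid_for_days() {
  openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null
}

# Runs all checks, one line per result; returns 1 if any check fails.
preflight() {  # preflight server.crt server.key jenkins.example.com
  local rc=0
  key_matches_cert "$1" "$2" && echo "ok   key matches certificate" ||
    { echo "FAIL key does not match certificate"; rc=1; }
  san_covers_host "$1" "$3" && echo "ok   SAN covers $3" ||
    { echo "FAIL no SAN entry covers $3"; rc=1; }
  valid_for_days "$1" && echo "ok   valid for 30+ days" ||
    { echo "FAIL expires within 30 days"; rc=1; }
  return "$rc"
}

# Constructed sample input: throwaway self-signed pair written to directory $1.
# $2 = san adds a subjectAltName; anything else gives a CN-only certificate.
make_sample() {
  local san=""
  [ "$2" = san ] && san="subjectAltName=DNS:jenkins.example.com"
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=jenkins.example.com" ${san:+-addext "$san"} \
    -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

A certificate created with the interactive prompts in Step 2 carries only a CN, so the SAN check reports a failure for it.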

Step 3 — Create a PKCS12 File (Required for JKS)

Combine the key + certificate:

openssl pkcs12 -export \
 -in server.crt \
 -inkey server.key \
 -name jenkins \
 -out jenkins.p12

You will be asked to set an export password — remember it.

Step 4 — Convert PKCS12 → Java Keystore (JKS)

Jenkins needs a JKS keystore:

keytool -importkeystore \
 -srckeystore jenkins.p12 -srcstoretype PKCS12 \
 -destkeystore jenkins.jks -deststoretype JKS

It will ask:

  • Source password → the one you set in Step 3

  • Destination password → JKS password (you will use this in Jenkins)

Step 5 — Move Keystore to Jenkins Directory

sudo mv jenkins.jks /var/lib/jenkins/
sudo chown jenkins:jenkins /var/lib/jenkins/jenkins.jks
sudo chmod 600 /var/lib/jenkins/jenkins.jks

Step 6 — Configure Jenkins to Use HTTPS

Edit:

sudo vi /etc/sysconfig/jenkins

Update:

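# Jenkins' embedded web server takes its HTTPS settings from these variables, not from -D system properties
JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true"
JENKINS_HTTPS_PORT="8443"
JENKINS_HTTPS_KEYSTORE="/var/lib/jenkins/jenkins.jks"
JENKINS_HTTPS_KEYSTORE_PASSWORD="YOUR_JKS_PASSWORD"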

Restart Jenkins:

sudo systemctl restart jenkins

Open in browser:

💡 You now have:
✔ Self‑signed SSL certificate
✔ Java Keystore ready for Jenkins
✔ HTTPS enabled fully without Nginx/Apache