How to Configure TLS in Jenkins (HTTPS Setup Step-by-Step Guide)

Introduction
By default, Jenkins serves traffic over unencrypted HTTP (port 8080), which leaves connections vulnerable to interception and tampering. In production environments, enabling HTTPS (TLS) is essential to encrypt all communication between users and the Jenkins server and to mitigate security risks.
This guide shows how to configure HTTPS for Jenkins on Linux using systemd.
Prerequisites
- Jenkins installed on Linux
- Java 8 or later
- Root or sudo access
- Open port (example: 8443)
Check Jenkins status:
sudo systemctl status jenkins
Step 1: Generate a Self-Signed Certificate (Testing Purpose)
For testing, create a Java keystore:
sudo keytool -genkeypair \
-alias jenkins \
-keyalg RSA \
-keysize 2048 \
-keystore /var/lib/jenkins/jenkins.jks \
-validity 365
- Enter a keystore password
- Provide organization details when prompted
Set proper ownership and permissions:
sudo chown jenkins:jenkins /var/lib/jenkins/jenkins.jks
sudo chmod 600 /var/lib/jenkins/jenkins.jks
Step 2: Modify Jenkins Systemd Service
Edit the Jenkins configuration file:
- Debian/Ubuntu:
sudo nano /etc/default/jenkins
- RHEL/CentOS:
sudo nano /etc/sysconfig/jenkins
Add or modify JENKINS_ARGS:
JENKINS_ARGS="--httpPort=-1 --httpsPort=8443 --httpsKeyStore=/var/lib/jenkins/jenkins.jks --httpsKeyStorePassword=YOUR_PASSWORD"
- This disables HTTP and enables HTTPS on port 8443.
- Replace YOUR_PASSWORD with your keystore password.
Step 3: Restart Jenkins
Reload systemd and restart Jenkins:
sudo systemctl daemon-reload
sudo systemctl restart jenkins
sudo systemctl status jenkins
Step 4: Allow Firewall Port
sudo firewall-cmd --permanent --add-port=8443/tcp
sudo firewall-cmd --reload
Step 5: Test HTTPS
Open a browser and go to:
https://your-server-ip:8443
You may see a security warning (self-signed certificate).
Proceed for testing purposes.
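A check for the Step 2 settings, added here as an example and not part of the original guide: it reads the JENKINS_ARGS line and reports whether HTTP is disabled, the HTTPS port and keystore are set, the keystore file is private, and the placeholder password was replaced. The function names are hypothetical and the sample argument line is constructed.

```shell
#!/bin/sh
# Added example: audit the JENKINS_ARGS value from Step 2.
# Function names are hypothetical; option names are the ones used in this guide.
# Limitation: arguments are split on spaces, so paths must not contain spaces.

# Extract the last JENKINS_ARGS="..." value from a config file.
read_jenkins_args() {
    sed -n 's/^JENKINS_ARGS="\(.*\)"$/\1/p' "$1" | tail -n 1
}

# Print the value of --NAME=VALUE ($1 = NAME, $2 = argument string).
arg_value() {
    printf '%s\n' "$2" | tr ' ' '\n' | sed -n "s/^--$1=//p" | tail -n 1
}

# Print one FAIL/WARN line per finding, and an OK line if nothing failed.
audit_jenkins_args() {
    args=$1; ok=1
    http=$(arg_value httpPort "$args")
    https=$(arg_value httpsPort "$args")
    store=$(arg_value httpsKeyStore "$args")
    pass=$(arg_value httpsKeyStorePassword "$args")

    if [ "$http" != "-1" ]; then
        echo "FAIL: plain HTTP listener not disabled (need --httpPort=-1)"; ok=0
    fi
    case $https in
        ''|*[!0-9]*) echo "FAIL: --httpsPort missing or not numeric"; ok=0 ;;
    esac
    if [ -z "$store" ]; then
        echo "FAIL: --httpsKeyStore not set"; ok=0
    elif [ -f "$store" ] && [ "$(ls -ld "$store" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $store is accessible to group/other (expected mode 600)"; ok=0
    fi
    case $pass in
        '') echo "FAIL: --httpsKeyStorePassword not set"; ok=0 ;;
        YOUR_PASSWORD) echo "FAIL: placeholder password was not replaced"; ok=0 ;;
        *) echo "WARN: keystore password is in clear text; restrict read access to this file" ;;
    esac
    [ "$ok" -eq 1 ] && echo "OK: HTTP disabled, HTTPS on port $https"
    return 0
}

# Usage: sh audit.sh /etc/default/jenkins  (no argument: constructed sample)
if [ -n "${1:-}" ]; then
    audit_jenkins_args "$(read_jenkins_args "$1")"
else
    audit_jenkins_args "--httpPort=8080 --httpsPort=8443 --httpsKeyStore=/var/lib/jenkins/jenkins.jks --httpsKeyStorePassword=YOUR_PASSWORD"
fi
```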


