我无法正确配置Jenkins使用StartSSL证书.我使用命令行参数运行它,指定私钥和我的证书的路径,如Jenkins Wiki所示(在底部:https://wiki.jenkins-ci.org/display/JENKINS/Starting+and+访问+ Jenkins).
java -jar jenkins.war --httpPort=-1 --httpsPort=8080 --httpsCertificate=<mydomain.crt file> --httpsPrivateKey=<my private key file>詹金斯成功开始.https://mydomain:8080/在Firefox中打开表示连接不受信任:
mydomain:8080 uses an invalid security certificate.
The certificate is not trusted because no issuer chain was provided.
(Error code: sec_error_unknown_issuer)
我已经尝试mydomain:8080在各种SSL检查网站上进行验证:
OK mydomain resolves to xxx.xxx.xxx.xxx
OK The certificate was issued by StartCom.
OK The certificate will expire in XXX days.
OK The hostname (mydomain) is correctly listed in the certificate.
Not OK The certificate is not trusted in all web browsers.
You may need to install an Intermediate/chain certificate
to link it to a trusted root certificate.
StartSSL没有设置Jenkins的明确说明.我试着为其他类型的服务器类似的教程跟进,并复制从StartCom中间授权文件到一个统一的证书(ca.pem并sub.class1.server.ca.pem为这里要注意:http://www.startssl.com/?app=42).
但是,这并没有改变任何事情.
像www.sslshopper.com/ssl-checker.html这样的SSL检查程序仍然报告该网站不受信任.此外,由于同样的原因,GitHub图像缓存服务不会从Jenkins渲染构建状态图标.
如何将颁发者链正确添加到我的证书中?
小智 6
我有一个类似的问题,经过一些研究后得到的一切值得信赖的是:
将中间权限证书合并<mydomain.crt file>到merged.cer使用您提到的链接调用的1个统一证书中
(来自:https://serverfault.com/questions/569866/jenkins-wont-serve-with-ca-signed-certificate)
openssl pkcs12 -inkey /location/to/key.pem -in /location/to/merged.cer -export -out keys.pkcs12
keytool -importkeystore -srckeystore keys.pkcs12 -srcstoretype pkcs12 -destkeystore jenkins.jks
注意:用于的密钥merged.cer应与之相同<my private key file>
然后按照Jenkins Wiki使用KeyStore而不是证书
java -jar jenkins.war --httpPort=-1 --httpsPort=8080 --httpsKeyStore=/path/to/jenkins.jks --httpsPrivateKey=<my private key file>
| 归档时间: |
|
| 查看次数: |
2349 次 |
| 最近记录: |