github enterprise self signed certs
578 views
Skip to first unread message
Ryan Golhar
Feb 10, 2017, 2:26:21 PM2/10/17
to Jenkins Users
Hi all - I'm trying to set up Jenkins with our enterprise github install. We're using https with self-signed certificates. I've added the CA PEM to /etc/pki/tls/certs/ca-bundle.crt, and can verify this works by using 'curl https://our.enterprise.github.com/api/v3/'
Now, in Jenkins -> Manage Jenkins, under 'GitHub Enterprise Servers', I enter the same API endpoint but get the message "The endpoint does not look like a GitHub Enterprise (verify network and/or try again later)". My Jenkins log file shows:
Feb 10, 2017 7:18:57 PM org.jenkinsci.plugins.github_branch_source.Endpoint$DesciptorImpl doCheckApiUri
WARNING: Server returned HTTP response code: -1, message: 'null' for URL: https://our.enterprise.github.com/api/v3/
I'm not really sure how to proceed as this point. Has anyone run into this before?
Tobias Breuer
Nov 2, 2017, 12:24:24 PM11/2/17
to Jenkins Users
Hi,
I'm currently running into the same issue. Did you find any answer to this yet?
Tobias Breuer
Nov 3, 2017, 3:58:47 AM11/3/17
to Jenkins Users
Hi, for anyone else having similar issues. I've finally solved it for my scenario.
Originally I've added the PEM information about our self signed certificate to the keystore of the java installation on my machine.
After having a second look at the jenkins config, it turned out, that jenkins was using its own jre version which is located in the installation dir of jenkins itself (I'm running on Windows).
So I had to adapt the keystore within this particular jre and not the one installed in "Program Files". Now jenkins can successfully communicate with our GitHub enterprise server using a self signed certificate.
Now I only have to figure out why the git plugin cannot checkout even though git itself can do it via command line.
Step by Step...
Mark Waite
Nov 3, 2017, 8:37:49 AM11/3/17
to jenkins...@googlegroups.com
On Fri, Nov 3, 2017 at 1:58 AM Tobias Breuer <tobias....@gmail.com> wrote:
Hi, for anyone else having similar issues. I've finally solved it for my scenario.Originally I've added the PEM information about our self signed certificate to the keystore of the java installation on my machine.After having a second look at the jenkins config, it turned out, that jenkins was using its own jre version which is located in the installation dir of jenkins itself (I'm running on Windows).So I had to adapt the keystore within this particular jre and not the one installed in "Program Files". Now jenkins can successfully communicate with our GitHub enterprise server using a self signed certificate.Now I only have to figure out why the git plugin cannot checkout even though git itself can do it via command line.Step by Step...
Tobias,
Can you help me understand the use case for self-signed certificates on a commercially purchased product?
Your organization has paid to install, configure, and use GitHub Enterprise. It seems like you would also choose to purchase a certificate from a certificate authority. What are the barriers that prevent you from installing a certificate from a certificate authority, rather than generating one yourselves?
Thanks,
Mark Waite (I don't test the git plugin with self-signed certificates)
Am Donnerstag, 2. November 2017 17:24:24 UTC+1 schrieb Tobias Breuer:Hi,I'm currently running into the same issue. Did you find any answer to this yet?
Am Freitag, 10. Februar 2017 20:26:21 UTC+1 schrieb Ryan Golhar:Hi all - I'm trying to set up Jenkins with our enterprise github install. We're using https with self-signed certificates. I've added the CA PEM to /etc/pki/tls/certs/ca-bundle.crt, and can verify this works by using 'curl https://our.enterprise.github.com/api/v3/'Now, in Jenkins -> Manage Jenkins, under 'GitHub Enterprise Servers', I enter the same API endpoint but get the message "The endpoint does not look like a GitHub Enterprise (verify network and/or try again later)". My Jenkins log file shows:Feb 10, 2017 7:18:57 PM org.jenkinsci.plugins.github_branch_source.Endpoint$DesciptorImpl doCheckApiUriWARNING: Server returned HTTP response code: -1, message: 'null' for URL: https://our.enterprise.github.com/api/v3/I'm not really sure how to proceed as this point. Has anyone run into this before?
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/679f7362-dfe7-4c8e-abad-c9da2f433abb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
itchymuzzle
Nov 3, 2017, 9:38:39 AM11/3/17
to Jenkins Users
Free ones
Richard Bywater
Nov 4, 2017, 4:33:44 AM11/4/17
to jenkins...@googlegroups.com
Just to throw my 2 cents in, I guess it depends on what is meant by self-signed - is that self-signed as in I've created a cert on my machine and that's what I'm using, or is it "self-signed" in that its signed by a CA that is internal to the organisation.
The former seems a bit of a strange case but the latter is pretty common.
Having said that though this really isn't a Git plugin or even a Jenkins issue - its purely CA Cert Handling 101 for whenever you are trying to use Java with the two cases given above (where, of course in the second case, this involves installing the CA cert from your internal CA setup)
Richard.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAO49JtGZcZMk2-iq1U7%2BLJKAY5U67RGJZXNt%2BYj3CoBC%2BS2JMA%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages