Help with github plugin - SSL issue with custom CA

[Robert Hafner]

I have a fresh install of Jenkins that will not connect to my Github Enterprise instance. We are using an in house CA with our custom TLD (so https://github.acme) and aren't having any other SSL troubles outside of this.

Does anyone know if the CA certs need to be installed in a specific way for Jenkins to be able to use them?

Rob

[Cyrille Le Clerc]

Hello Robert,

There is a trick here: your ssl certificate must be trusted by both your JVM and by the native "git" executable.

The native "git" executable picks its certificates from "/etc/ssl/certs/" on ubuntu, the folder should be similar on other linux distributions.

The default JVM SSL trust store is $JAVA_HOME/jre/lib/security/cacerts and, on OS like ubuntu, is a symlink to /etc/ssl/certs/java/cacerts

The following help page seem to detail well how to add certs: http://askubuntu.com/questions/73287/how-do-i-install-a-root-certificate

I like to use "jrunscript" to test the trust store of java virtual machines. If the invocation returns an http code, then the certificate is trusted by the JVM:

jrunscript -e "println(new java.net.URL(\"https://github.acme\").openConnection().getResponseCode())"

Cyrille