Jenkins start-up fails after pointing to ssl cert and key

1,033 views
Skip to first unread message

Kaliyug Antagonist

unread,
Nov 27, 2017, 5:23:20 AM11/27/17
to Jenkins Users
  • Jenkins 2.73.3
  • Java(TM) SE Runtime Environment (build 1.8.0_151-b12) Java HotSpot(TM) 64-Bit Server VM (build 25.151-b12, mixed mode)
  • Red Hat Enterprise Linux Server release 7.4 (Maipo)

The SSL cert and keys:

[root@l5109p ssl]# ls -lrt /etc/security/ssl/
-rw-r-----. 1 jenkins jenkins  2894 Nov 27 09:17 jenkins_wildcard.sss.se.com.cert.pem
-rw-r-----. 1 jenkins jenkins  1766 Nov 27 09:18 jenkins_wildcard.sss.se.com.key.pem

In the /etc/sysconfig/jenkins, I have added the following entry:

JENKINS_ARGS="--httpsPort=8443 --httpsCertificate=/etc/security/ssl/jenkins_wildcard.sss.se.com.cert.pem --httpsPrivateKey=/etc/security/ssl/jenkins_wildcard.sss.se.com.key.pem"

On starting the jenkins service, it fails with the following error:

Running from: /usr/lib/jenkins/jenkins.war
Nov 27, 2017 9:42:17 AM Main deleteWinstoneTempContents
WARNING: Failed to delete the temporary Winstone file /tmp/winstone/jenkins.war
Nov 27, 2017 9:42:17 AM org.eclipse.jetty.util.log.Log initialized
INFO: Logging initialized @393ms to org.eclipse.jetty.util.log.JavaUtilLog
Nov 27, 2017 9:42:17 AM winstone.Logger logInternal
INFO: Beginning extraction from war file
Nov 27, 2017 9:42:17 AM org.eclipse.jetty.server.handler.ContextHandler setContextPath
WARNING: Empty contextPath
Nov 27, 2017 9:42:17 AM winstone.Logger logInternal
INFO: Winstone shutdown successfully
java.io.IOException: Failed to start a listener: winstone.HttpsConnectorFactory
        at winstone.Launcher.spawnListener(Launcher.java:209)
        at winstone.Launcher.<init>(Launcher.java:150)
        at winstone.Launcher.main(Launcher.java:354)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at Main._main(Main.java:294)
        at Main.main(Main.java:132)
Caused by: java.lang.IllegalArgumentException: Not B64 encoded
        at org.eclipse.jetty.util.B64Code.decode(B64Code.java:428)
        at org.eclipse.jetty.util.B64Code.decode(B64Code.java:391)
        at winstone.AbstractSecuredConnectorFactory.readPEMRSAPrivateKey(AbstractSecuredConnectorFactory.java:131)
        at winstone.AbstractSecuredConnectorFactory.configureSsl(AbstractSecuredConnectorFactory.java:75)
        at winstone.HttpsConnectorFactory.start(HttpsConnectorFactory.java:41)
        at winstone.Launcher.spawnListener(Launcher.java:207)
        ... 8 more
Nov 27, 2017 9:42:17 AM winstone.Logger logInternal
SEVERE: Container startup failed
java.io.IOException: Failed to start a listener: winstone.HttpsConnectorFactory
        at winstone.Launcher.spawnListener(Launcher.java:209)
        at winstone.Launcher.<init>(Launcher.java:150)
        at winstone.Launcher.main(Launcher.java:354)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at Main._main(Main.java:294)
        at Main.main(Main.java:132)
Caused by: java.lang.IllegalArgumentException: Not B64 encoded
        at org.eclipse.jetty.util.B64Code.decode(B64Code.java:428)
        at org.eclipse.jetty.util.B64Code.decode(B64Code.java:391)
        at winstone.AbstractSecuredConnectorFactory.readPEMRSAPrivateKey(AbstractSecuredConnectorFactory.java:131)
        at winstone.AbstractSecuredConnectorFactory.configureSsl(AbstractSecuredConnectorFactory.java:75)
        at winstone.HttpsConnectorFactory.start(HttpsConnectorFactory.java:41)
        at winstone.Launcher.spawnListener(Launcher.java:207)
        ... 8 more

Joaquin Henriquez

unread,
Nov 27, 2017, 5:28:09 AM11/27/17
to jenkins...@googlegroups.com

Whats if you use NGINX as a reverse proxy …. That’s what I am doing (SSL) and it is working fine.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/d8802da2-4232-4e74-aad4-c04ef70f01ee%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Kaliyug Antagonist

unread,
Nov 27, 2017, 5:38:29 AM11/27/17
to Jenkins Users
I can try that but is it mandatory to go that way? Can't Jenkins SSL work with the settings that I am using?

Joaquin Henriquez

unread,
Nov 27, 2017, 5:52:08 AM11/27/17
to jenkins...@googlegroups.com

Not Mandatory, but easier. You might need to create a jks file. Like I have done for JIRA or Teamcity (any java base web)

https://serverfault.com/questions/278555/how-to-use-jenkins-with-ssl-https

Reply all
Reply to author
Forward
0 new messages