Jenkins Plugin URL https connectivity

Hi Team,

We are using an https URL for the plugins site (https://updates.jenkins-ci.org/update-center.json) and I could see that the certificate is provided by Let's Encrypt.

However, to establish connections with the https URL we need to import the plugins site certificate into the JDK keystore. The problem is that the plugins URL certificate expires every three months, and maintaining the certificate will be an issue here.
Is there any alternative way to manage this issue? We're using some legacy-based applications.

It's hard to comment without detail on what you're doing, but normally, programs will use a root trust store to figure out whether they should trust a website's certificate. These trust stores (depending how recently they have been updated) will include the Let's Encrypt root certificates. As a result, all websites with valid Let's Encrypt certificates are trusted, without having to include each one individually.

If you find yourself manually adding website certificates to a trust store, something has gone wrong. This is almost never the correct approach if you're connecting to public websites on the internet. If it is the case that your legacy application is using an outdated root trust store, you can try configuring it with an up-to-date root trust store (like this one, or better yet, the one that comes with your operating system).

6 Likes

Hi @_az ,

Thanks for your response.

We're migrating our on-prem Jenkins server to AWS cloud. We're using an older version of Jenkins (2.19.3) with OpenJDK 8. When we're trying to access the Jenkins plugin URL through the update center, we're receiving a response like "javax.net.ssl.SSLHandshakeException: No trusted certificate found". We analysed the CA bundle and could see that the ISRG Root X1 (Let's Encrypt) root cert is present on the server.

The problem here is that we're still facing the same SSLHandshakeException even though the root CA cert is present in our environments.

Can you please help me with this?

Regards,
Dhakshnamoorthy M

1 Like

Have you tried switching to/from the "short" and "long" chain?

2 Likes

If you need more, "Long (default) and Short (alternate) Certificate Chains Explained" is worth a read.

4 Likes
