Saturday, February 15, 2014

Jenkins integration test with SSL



A few days ago, after a colleague pushed his new integration test, our Jenkins build became unstable. The test had to work with an https URL on the local area network, and the https endpoint was using a self-signed certificate. No big deal in itself, but in the end that was part of the problem.

The curious part was that the test passed on the developer's machine; only on the CI server did Jenkins fail the test. After a closer look the problem was found: the JVM was not accepting the self-signed certificate. This means that we need to add our certificate to the keystore of the JVM, or provide the JVM with a keystore that contains our self-signed certificate.

To list the certificates in the JVM keystore, run:
keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts

You will be asked for a password. To just list the cacerts, you don't need to enter one.
If you want to add a new entry then you will need a password. It looks like the default password is
changeit
To add a new entry, run:
keytool -import -alias <your server> -file myServer.crt -keystore $JAVA_HOME/jre/lib/security/cacerts 

If you don't provide the last argument, -keystore, the certificate is imported into .keystore in the user's home directory.

The last problem to fix is making those certificates available at test time in Jenkins.
For this you can add the following arguments for Jenkins:

-Djavax.net.ssl.trustStore=<the path to your keystore>
-Djavax.net.ssl.trustStorePassword=<your keystore password>
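
The steps above as one script, building a separate trust store for the Jenkins job instead of editing the JVM-wide cacerts (an added example, not part of the original post). Because javax.net.ssl.trustStore replaces the JVM's default trust store rather than extending it, the script can optionally start from a copy of cacerts. The function names, file names, alias and password are constructed placeholders.

```shell
#!/bin/sh
# Added example: per-job trust store for a self-signed server certificate.
# All names, aliases and passwords here are constructed placeholders.

# make_sample_cert DIR PASS: create a throwaway self-signed certificate
# (a stand-in for the real myServer.crt) at DIR/myServer.crt.
make_sample_cert() {
    keytool -genkeypair -alias sample -keyalg RSA -keysize 2048 \
        -dname "CN=myserver.lan" -validity 30 \
        -keystore "$1/server.p12" -storetype PKCS12 \
        -storepass "$2" -keypass "$2" >/dev/null 2>&1 &&
    keytool -exportcert -rfc -alias sample \
        -keystore "$1/server.p12" -storetype PKCS12 -storepass "$2" \
        -file "$1/myServer.crt" >/dev/null 2>&1
}

# build_truststore CERT STORE PASS ALIAS [BASE]
# Imports CERT into STORE under ALIAS. If BASE (for example the JVM's
# cacerts) is given, STORE starts as a copy of it so the public CAs stay
# trusted; PASS must then be the password of BASE.
build_truststore() {
    if [ -n "${5:-}" ]; then
        cp "$5" "$2" && chmod u+w "$2" || return 1
    fi
    keytool -importcert -noprompt -alias "$4" -file "$1" \
        -keystore "$2" -storepass "$3" >/dev/null 2>&1
}

# has_alias STORE PASS ALIAS: succeeds only if ALIAS is present in STORE.
has_alias() {
    keytool -list -keystore "$1" -storepass "$2" -alias "$3" >/dev/null 2>&1
}

# jvm_args STORE PASS: the two system properties from the post.
jvm_args() {
    printf '%s %s\n' "-Djavax.net.ssl.trustStore=$1" \
        "-Djavax.net.ssl.trustStorePassword=$2"
}

# Demo (run as: sh truststore.sh demo); prints the arguments for Jenkins.
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d) && make_sample_cert "$d" "constructed-pass" &&
    build_truststore "$d/myServer.crt" "$d/ci.truststore" "constructed-pass" myserver &&
    has_alias "$d/ci.truststore" "constructed-pass" myserver &&
    jvm_args "$d/ci.truststore" "constructed-pass"
fi
```

A trust store holds only public certificates, so what matters is who can write the file: anyone able to add an entry decides which servers the tests will trust.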