Hi,
let’s separate the two completely different tasks you are trying to achieve:
1) Configure the Jenkins server to serve itself over SSL / HTTPS
2) Use a certificate that your browser recognises as valid

The documents you listed tell you how to do point 1), and in general it is 
left to you (or to other guides) how to do point 2).

Now, from the error you see on the browser, “CERT_AUTHORITY_INVALID”, I’m 
pretty sure that you achieved 1)
So, you actually did it!!

But maybe you don’t know exactly what the error means. So, I’ll try to explain 
it in detail to the best of my knowledge (I’m not an expert on certificate 
authorities):
- the browser tries to reach your Jenkins over port 443 (HTTPS)
- Jenkins replies correctly and the browser is happy and they start to establish 
an SSL connection between them (that means they successfully exchanged the SSL 
certificate and they can encrypt the connection)
- But the browser wants to be sure that the certificate has been made by some 
“known” trusted authority … let’s think of it like a known valid institution 
that produces valid certificates
- … but when it looks inside the certificate, it can’t find a certificate 
authority that it knows … and then, for safety, it stops the communication and 
raises an error saying that it can’t “trust” the certificate because it’s not 
produced by an authority that it knows.

So, Jenkins is set up correctly and you did everything correctly in configuring it.
The last bit that remains for you is to get a “real” valid certificate from a 
real valid certificate authority … if you can’t, then you can’t avoid the 
browser giving the CERT_AUTHORITY_INVALID error.

I hope that’s clear.

Cheers,
Gianluca.

P.S.: The fact that Jenkins does not have access to the Internet doesn’t prevent 
you from getting a valid certificate from a valid authority, like letsencrypt or 
other certificate authorities like Comodo SSL, and so on.
We have many servers in our infrastructure without access to the Internet but with 
valid certificates from Comodo SSL and LetsEncrypt.



> On 11 Dec 2020, at 20:42, unlimh...@gmail.com wrote:
> 
> Please help with the working instructions for installing SSL (https) on 
> Jenkins.
> Is it possible to install an SSL certificate on Jenkins without a reverse 
> proxy (nginx)?
> 
> I tried these instructions below, but they didn't help (the certificate 
> doesn't work) and I get in the browser:
> 
> Your connection is not private
> NET::ERR_CERT_AUTHORITY_INVALID
> 
> p.s. My network with Jenkins does not have access to the Internet, so 
> solutions in letsencrypt and similar will not work for me.
> 
> links:
> https://wiki.jenkins.io/pages/viewpage.action?pageId=135468777
> https://mohitgoyal.co/2017/02/08/securing-your-jenkins-environment-and-configure-for-auditing/
> https://wiki.jenkins.io/display/JENKINS/Running+Jenkins+behind+Nginx
> https://agirlhasnona.me/ops-tutorial-ssl-jenkins/
> https://jansipke.nl/enable-https-jenkins/
> 
> Thanks!
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to jenkinsci-users+unsubscr...@googlegroups.com 
> <mailto:jenkinsci-users+unsubscr...@googlegroups.com>.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/jenkinsci-users/459881610.20201211234224%40gmail.com
>  
> <https://groups.google.com/d/msgid/jenkinsci-users/459881610.20201211234224%40gmail.com?utm_medium=email&utm_source=footer>.
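
The trust check described in the reply above, reproduced offline with the openssl command line as an added example (not part of the original thread). The host name `jenkins.internal.example` and the "Demo Internal CA" are constructed placeholders; the demo CA stands in for an authority the client already knows.

```bash
#!/usr/bin/env bash
# Constructed demo: "jenkins.internal.example" and "Demo Internal CA" are
# placeholders, and the demo CA stands in for an authority the client knows.

# Create, in directory $1: a self-signed server cert, a CA, and a server cert
# signed by that CA.
make_demo_certs() {
  local d="$1" cn="/CN=jenkins.internal.example"
  # Self-signed: the certificate names itself as its own issuer.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "$cn" \
    -keyout "$d/selfsigned.key" -out "$d/selfsigned.crt" 2>/dev/null || return 1
  # The authority: its certificate is what sits in the client's trust store.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Internal CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
  # Server key and signing request, then the CA issues the certificate.
  openssl req -newkey rsa:2048 -nodes -subj "$cn" \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -out "$d/server.crt" 2>/dev/null || return 1
}

# Exit status 0 only if certificate $2 chains to the trust anchor file $1.
chains_to() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print subject and issuer of certificate $1 (identical for a self-signed one).
describe() {
  openssl x509 -in "$1" -noout -subject -issuer
}

demo() {
  local d c
  d=$(mktemp -d) || return 1
  make_demo_certs "$d" || return 1
  for c in selfsigned server; do
    describe "$d/$c.crt"
    if chains_to "$d/ca.crt" "$d/$c.crt"; then
      echo "$c.crt: issued by a known authority, accepted"
    else
      echo "$c.crt: authority unknown, rejected"
    fi
  done
  rm -rf "$d"
}

demo
```

Both certificates can encrypt the connection equally well; only the one whose issuer is in the trust file passes the check, which is the distinction between tasks 1) and 2) in the reply.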
