changeset 111:bb513b8b0caf

Blog Post about Jenkins and self signed certificates
author Dirk Olmes <dirk.olmes@codedo.de>
date Mon, 04 Apr 2022 15:36:16 +0200
parents be0331916375
children cf31bf5fce72
files content/Jenkins/git-vs-self-signed-cert.md
diffstat 1 files changed, 29 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/content/Jenkins/git-vs-self-signed-cert.md	Mon Apr 04 15:36:16 2022 +0200
@@ -0,0 +1,29 @@
+Title: Configuring Jenkins to accept a self signed https certificate for git
+Date: 2022-03-31
+Lang: en
+
+I recently did a setup of [Jenkins](https://www.jenkins.io) that had to access git repositories via https on a server that only had a self signed certificate. Here are the bits and pieces that I had to configure.
+
+## Ignoring SSL warnings in git
+
+Since all git traffic was internal I chose not to bother too much about this isssue and just disable http certificate checks in git. If you run the command
+
+    ::shell
+    git config --global http.sslVerify true
+
+an entry like this will be added to your `.gitconfig`:
+
+    :::shell
+    [http]
+        sslVerify = false
+
+We'll have to put this `.gitconfig` in a couple of places to enable Jenkins accessing the git server.
+
+## Jenkins master
+Certain operations are performed on the master itself, e.g. scanning the repo for branches in multibranch pipelines.  The `.gitconfig` mentioned above must be placed into `/var/jenkins_home/.gitconfig` on the master. In my case this was a Docker setup so I mounted the file into the container.
+
+## Jenkins worker
+Before the first build step of a pipeline actually runs Jenkins does a git checkout on the worker node. Even if you choose to run your build inside a Docker container the checkout happens before the container is actually started. So the user running the Jenkins agent must be configured with the `.gitconfig` mentioned above, too.
+
+## Not covered here
+I'm sure there are other places where a git checkout happens in Jenkins, e.g. if you do a checkout as part of a pipeline using the `checkout()` function in a Jenkinsfile. Since I don't use that functionality right now I did not bother to go into details here.