I recently did a setup of Jenkins that had to access git repositories via https on a server that only had a self signed certificate. Here are the bits and pieces that I had to configure.
Ignoring SSL warnings in git
Since all git traffic was internal I chose not to bother too much about this isssue and just disable http certificate checks in git. If you run the command
git config --global http.sslVerify true
an entry like this will be added to your .gitconfig:
[http]
sslVerify = false
We’ll have to put this .gitconfig in a couple of places to enable Jenkins accessing the git server.
Jenkins master
Certain operations are performed on the master itself, e.g. scanning the repo for branches in multibranch pipelines. The .gitconfig mentioned above must be placed into /var/jenkins_home/.gitconfig on the master. In my case this was a Docker setup so I mounted the file into the container.
Jenkins worker
Before the first build step of a pipeline actually runs Jenkins does a git checkout on the worker node. Even if you choose to run your build inside a Docker container the checkout happens before the container is actually started. So the user running the Jenkins agent must be configured with the .gitconfig mentioned above, too.
Not covered here
I’m sure there are other places where a git checkout happens in Jenkins, e.g. if you do a checkout as part of a pipeline using the checkout() function in a Jenkinsfile. Since I don’t use that functionality right now I did not bother to go into details here.