
We've recently set up a Jenkins CI server on Windows. Now in order to use Active Directory authentication I'd like to require https (SSL/TLS) for access. Given this setup, what is the recommended way to do this?



Go to your %JENKINS_HOME% and modify the jenkins.xml. Where you see --httpPort=8080, change it to --httpPort=-1 --httpsPort=8080. You can make the ports anything you want, of course, but in my testing (a while ago, it may have changed) if you don't keep --httpPort=<something> then Jenkins will always use 8080. So if you simply change --httpPort=8080 to --httpsPort=8080, port 8080 will still use http.

Also, if you want to use your own certificate, there are some instructions at the bottom of this page.



keytool -genkey -keyalg RSA -keystore Jenkins.jks -alias [Name of website] -keysize 2048

Answer the questions remembering that First and last name is the website URL and should be lowercase. Example:

State or province cannot be abbreviated.


keytool -certreq -Keystore jenkins.jks -alias [Name of website] -file jenkins.csr -keysize 2048

Send Jenkins.csr to your cert provider and request a PKCS#7 cert which has a .p7b extension and starts with:


Note: Trial certs are not normally available in .p7b format, but you may be able to combine the .cer files using this tool, which reported success but didn't work for me.


keytool -import -trustcacerts -file jenkins.p7b -keystore jenkins.jks -alias [Name of website]

Change the arguments node in Jenkins.xml to the following respectively.

<arguments>-Xrs -Xmx256m -Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle -jar "%BASE%\jenkins.war" --httpPort=-1 --httpsPort=443 --httpsKeyStore="%BASE%\Cert\Jenkins.jks" --httpsKeyStorePassword=[Cert password from step 1]</arguments>


  • If Jenkins doesn't start, read the last lines from Jenkins.err.log.
  • If Jenkins didn't start because of an issue with Jenkins.xml, replace the (weird Windows hyphen) characters with an actual - (ASCII hyphen).
  • If Jenkins starts but the cert still reads as bad, make sure the [Name of website] is the actual URL without the https: example: would be
  • If that isn't the issue, inspect the .jks file using KeyStore Explorer. The "Certificate Hierarchy" should show that each cert is nested in another; this is to illustrate the cert chain. If it shows the certs next to each other then it's not correct.
  • If it won't start on a specific port, 443 for example, then verify IIS or another app isn't currently using the port.
  • If you can see the site on the PC it's hosted on, but not another PC, then verify you aren't getting blocked by a firewall.
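A small lint for the <arguments> line, added here as an example (not code from any of the answers or from Jenkins): it flags the cases the answers above warn about, a missing or still-enabled --httpPort and non-ASCII dashes pasted into jenkins.xml. The function name, the sample strings and the password value are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Dash look-alikes that editors and web pages substitute for the ASCII "-".
BAD_DASHES = "\u2010\u2011\u2012\u2013\u2014\u2212"

def check_jenkins_args(xml_text):
    """Return a list of findings for the <arguments> node of a jenkins.xml."""
    node = next(ET.fromstring(xml_text).iter("arguments"), None)
    if node is None or not node.text:
        return ["no <arguments> node found"]
    args, findings = node.text, []
    if any(ch in args for ch in BAD_DASHES):
        findings.append("non-ASCII dash in arguments, retype it as '-'")
        # Normalise so the remaining checks still see the options.
        args = args.translate({ord(ch): "-" for ch in BAD_DASHES})
    opts = dict(re.findall(r'(?<!\S)-{1,2}(\w+)=("[^"]*"|\S+)', args))
    http = opts.get("httpPort")
    if http is None:
        # Per the first answer's testing, HTTP then stays on the default port.
        findings.append("--httpPort missing, plain HTTP may stay on 8080")
    elif http != "-1":
        findings.append(f"plain HTTP still enabled on port {http}")
    if "httpsPort" not in opts:
        findings.append("--httpsPort not set")
    if "httpsKeyStore" not in opts:
        findings.append("--httpsKeyStore not set")
    elif "httpsKeyStorePassword" not in opts:
        findings.append("--httpsKeyStorePassword missing")
    return findings

# Constructed samples: a minimal <service> wrapper around an arguments line.
WRAP = "<service><arguments>{}</arguments></service>"
BASE = r'-Xrs -Xmx256m -jar "%BASE%\jenkins.war" '
HARDENED = WRAP.format(BASE + r'--httpPort=-1 --httpsPort=443 '
    r'--httpsKeyStore="%BASE%\Cert\Jenkins.jks" --httpsKeyStorePassword=changeit')
ONLY_HTTPS = WRAP.format(BASE + "--httpsPort=8080")  # --httpPort simply replaced
PASTED = HARDENED.replace("--httpPort", "\u2013httpPort")  # en dash from a paste

if __name__ == "__main__":
    for name in ("HARDENED", "ONLY_HTTPS", "PASTED"):
        print(name, check_jenkins_args(globals()[name]))
```

To check a real installation, pass the contents of jenkins.xml to check_jenkins_args() and treat any returned finding as a reason not to restart the service yet.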

Step 1: Create both public and private certificates for your Jenkins name (convert them into a keystore file if they are not already one).
Step 2: Import the public certificate into your browser's certificate manager (import into all tabs).
Step 3: Host your Jenkins using the JKS file, which contains both the public and private key.

For the steps, refer to "Enable HTTPS in jenkins?"

Licensed under: CC-BY-SA with attribution