Jenkins credentials - how to use .P12 certificate

StackOverflow https://stackoverflow.com/questions/23361326

  •  11-07-2023
  •  | 
  •  

Pergunta

I have an issue with certificates and I am not even sure if I chose the right way to go... Long story short.. I need my jenkins job to download something during build from website where I need to use certificate authentication - I got .p12 and .cert certificates. I thought I will just import them via Credentials plugin in Jenkins and so I will be able to use them in jobs, but I can't do it.

What I've done so far: I've created keystore xxx.jks and imported p12 and cert in it. Tried to add the path to it to "From a PKCS#12 file on Jenkins master", but getting message: Could not load keystore java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.

I've tried to upload the certificate from Jenkins, but got this: Could retrieve key "cert alias". You may need to provide a password java.security.UnrecoverableKeyException: Get Key failed: null

I would appreciate any advice or suggestion including some useful documentation (I've tried, but I can't find anything useful for me honestly).

Thank you very much.

Foi útil?

Solução

There are several ways:

  • You can import the certificate to somewhere on the Jenkins machine, and reference that absolute location with your wget command.
  • You can place the certificate into the SVN so that it becomes part of workspace checkout, use relative location with your wget command.
  • You can use File Parameter for the job configuration, which will prompt you to upload a file to the job's workspace, however you need to provide that everytime the job runs.
  • Use Plain Credentials Plugin, which has "secret Zip file" functionality that duplicates Build Secret Plugin (which has been deprecated, but really is what you want)

Outras dicas

I have just done this with the Credentials Binding Plugin https://wiki.jenkins.io/display/JENKINS/Credentials+Binding+Plugin

Store the file in the secure Credentials section of Jenkins as a File. Then to access the file use something like the below scripted code:

stage('Get orders JSON from web service') {
    withCredentials([file(credentialsId: 'certID', variable: 'MY_CERT')]) {
        ORDERS_JSON = sh(
           script: "curl --cert $MY_CERT https://host.com/api/orders -k",
           returnStdout: true
        ).trim()
    }
}
Licenciado em: CC-BY-SA com atribuição
Não afiliado a StackOverflow
scroll top