jenkins certificate adfs jks

No Guideline / Documentation for Jenkins default certificate expiration


My jenkins.cer and saml-jenkins-keystore.jks certificates under JENKINS_HOME have expired, causing integration with ADFS using SAML 2.0 to fail.

I did not find any documentation on how to update the certificate or keystore.

In fact, I do not even know the password to saml-jenkins-keystore.jks for making changes (updating the certificates) to the saml-jenkins-keystore.jks file.

Can you please help direct me as to what needs to be done in order to get the jenkins.cer and saml-jenkins-keystore.jks renewed?

I tried deleting both jenkins.cer and saml-jenkins-keystore.jks and restarting Jenkins, expecting it to recreate both files afresh.

However, a restart does not create the jenkins.cer and saml-jenkins-keystore.jks files.

I need to change the validity of jenkins.cer and saml-jenkins-keystore.jks for the ADFS integration to work.

I would also be interested in knowing the trust store password for saml-jenkins-keystore.jks.

The expiration of the Jenkins certificate causes integration between Jenkins and ADFS to break.

Kindly suggest.


Solution

  • There is no specific document for Jenkins default certificate expiration. Kindly try the below steps and check if it resolves your issue.

    You need to remove the certificates from JENKINS_HOME and restart the Jenkins service. Jenkins will generate new certificates. Remove these files from JENKINS_HOME: saml-jenkins-keystore.jks, saml-jenkins-keystore.xml, jenkins.cer, and restart Jenkins.

    Try to access Jenkins through the web interface and it will generate a new saml-jenkins-keystore.jks and saml-jenkins-keystore.xml.

    Generate jenkins.cer using the new jks:

        keytool -export -alias saml-generated-keypair -keystore saml-jenkins-keystore.jks -rfc -file jenkins.cer

    Kindly let me know if you have any queries.
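
The steps above as a script, added here as an example and not part of the original answer: it moves the expired files to a backup directory instead of deleting them, and refuses to export until Jenkins has regenerated the keystore. The backup directory and the `backup`/`export` subcommands are assumptions; the file names and the keytool alias are the ones quoted in the answer.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumes the file names and the
# keytool alias quoted in the answer; the backup location is hypothetical.

SAML_FILES="saml-jenkins-keystore.jks saml-jenkins-keystore.xml jenkins.cer"

# Step 1: move the expired files out of JENKINS_HOME instead of deleting them,
# so the old key pair can be restored if something goes wrong.
backup_saml_files() {
    home=$1; backup=$2
    [ -d "$home" ] || { echo "no such JENKINS_HOME: $home" >&2; return 1; }
    # The keystore holds a private key: keep the backup readable by owner only.
    mkdir -p "$backup" && chmod 700 "$backup" || return 1
    for f in $SAML_FILES; do
        if [ -f "$home/$f" ]; then
            mv "$home/$f" "$backup/$f" || return 1
            echo "moved $f"
        fi
    done
}

# Step 3: after Jenkins has been restarted and opened in a browser, export the
# new certificate. Fails early if the keystore has not been regenerated yet.
export_sp_cert() {
    home=$1
    if [ ! -f "$home/saml-jenkins-keystore.jks" ]; then
        echo "keystore not regenerated yet; restart Jenkins and open the web UI" >&2
        return 1
    fi
    # keytool prompts for the keystore password.
    keytool -export -alias saml-generated-keypair \
        -keystore "$home/saml-jenkins-keystore.jks" -rfc -file "$home/jenkins.cer"
}

# Usage: script backup <JENKINS_HOME> <backup_dir>   (then restart Jenkins)
#        script export <JENKINS_HOME>
case "${1:-}" in
    backup) backup_saml_files "$2" "$3" ;;
    export) export_sp_cert "$2" ;;
esac
```

Because the regenerated keystore holds a new key pair, the exported jenkins.cer differs from the old one and has to be given to ADFS again.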