使用StartSSL配置Jenkins - 添加颁发者链

我无法正确配置Jenkins使用StartSSL证书.我使用命令行参数运行它,指定私钥和我的证书的路径,如Jenkins Wiki所示(在底部:https://wiki.jenkins-ci.org/display/JENKINS/Starting+and+访问+ Jenkins).

我从StartSSL获得了私钥和证书

我把它们放在一个特定的文件夹中

我正在运行Jenkins如下: java -jar jenkins.war --httpPort=-1 --httpsPort=8080 --httpsCertificate= --httpsPrivateKey=

詹金斯成功开始.https://mydomain:8080/在Firefox中打开表示连接不受信任:

mydomain:8080 uses an invalid security certificate.
The certificate is not trusted because no issuer chain was provided.
(Error code: sec_error_unknown_issuer)

我已经尝试mydomain:8080在各种SSL检查网站上进行验证:

OK mydomain resolves to xxx.xxx.xxx.xxx

OK The certificate was issued by StartCom.  

OK The certificate will expire in XXX days. 

OK The hostname (mydomain) is correctly listed in the certificate.

Not OK The certificate is not trusted in all web browsers.
       You may need to install an Intermediate/chain certificate
       to link it to a trusted root certificate.

StartSSL没有设置Jenkins的明确说明.我试着为其他类型的服务器类似的教程跟进,并复制从StartCom中间授权文件到一个统一的证书(ca.pem并sub.class1.server.ca.pem为这里要注意:http://www.startssl.com/?app=42).

但是,这并没有改变任何事情.

像www.sslshopper.com/ssl-checker.html这样的SSL检查程序仍然报告该网站不受信任.此外,由于同样的原因,GitHub图像缓存服务不会从Jenkins渲染构建状态图标.

如何将颁发者链正确添加到我的证书中？

1> 小智..：

---

我有一个类似的问题,经过一些研究后得到的一切值得信赖的是:

将中间权限证书合并到merged.cer使用您提到的链接调用的1个统一证书中

(来自:https://serverfault.com/questions/569866/jenkins-wont-serve-with-ca-signed-certificate)

openssl pkcs12 -inkey /location/to/key.pem -in /location/to/merged.cer  -export -out keys.pkcs12

keytool -importkeystore -srckeystore keys.pkcs12 -srcstoretype pkcs12 -destkeystore jenkins.jks

注意:用于的密钥merged.cer应与之相同

然后按照Jenkins Wiki使用KeyStore而不是证书

    java -jar jenkins.war --httpPort=-1 --httpsPort=8080 --httpsKeyStore=/path/to/jenkins.jks --httpsPrivateKey=

---

谢谢,你的答案有效.但正如我下面的[詹金斯文档]我的命令是一个有点不同(https://wiki.jenkins-ci.org/display/JENKINS/Starting+and+Accessing+Jenkins):`JENKINS_ARGS =" --httpsKeyStore =/var/lib/jenkins/ssl/startssl.jks --httpsKeyStorePassword = mypassword"`这是从Centos jenkins`/etc/sysconfig/jenkins`文件编辑的.