Issue

• We need to install a certificate chain as we use self signed certs in our internal docker registry.

Environment

• CloudBees Jenkins Enterprise - AWS/OpenStack/Anywhere

Resolution

To import the certificates in your cluster you have to use the certificates-update cluster operation

cje prepare certificates-update

then you copy your certificates and all certificates chain in $CJE_PROJECT_FOLDER/certificates, the certificate files must end with .pem extension.

Then, you run cje apply and the certificated will be picked up automatically and installed on all VMs/containers involved in the cluster.

Finally, you need to restart all the Managed Masters for those changes to take effect.

Note: If the SSL certificate is self-signed or uses a custom certificate authority, it needs to be trusted by the workstation running the installation (import to the default JVM .keystore) as well as copied to the workers of the cluster.