Jenkins by default operates on port 8080 without any encryption in transit. This is not a desired setup in real world scenarios. So, in the following, I’ll go through the steps of setting up HTTPS using a self sign certificate. If you have your own CA signed certificate, the steps are identical.

In this example, I used Jenkins 2.346.3 LTS on Ubuntu 22.04.

Create a self signed certificate

openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 \
    -subj "/C=AU/ST=VIC/O=example inc/CN=www.example.com" \
    -keyout server.key -out server.crt

Now we need to convert the certificate file to PKCS#12 format. The following command generates a PKCS#12 format file from the certificate and private key.

openssl pkcs12 -export -out server.p12 -inkey server.key -in server.crt

If you have the root certificate of the certificate authority, you can add it using the -certfile ca_cert.crt option.

Add the certificate to keystore

sudo keytool -importkeystore -srckeystore server.p12 \
    -srcstoretype PKCS12 \
    -destkeystore /var/lib/jenkins/jenkins.jks

When you import the key to the keystore, you’ll be prompted for the keystore password. Keep this handy as you need to set it up in the jenkins' config file.

Now let’s edit the jenkins config.

As of Jenkins 2.332.1, instead of editing the jenkins file directly, we need to use the systemctl command.

sudo systemctl edit jenkins

Then add the following in the file.

[Service]
Environment="JENKINS_PORT=-1"                                               
Environment="JENKINS_HTTPS_PORT=8443"
Environment="JENKINS_HTTPS_LISTEN_ADDRESS=0.0.0.0"
Environment="JENKINS_HTTPS_KEYSTORE=/var/lib/jenkins/jenkins.jks"
Environment="JENKINS_HTTPS_KEYSTORE_PASSWORD=<the-password-when-creating-keystore>"