Using a custom trust store
You can use a custom trust store in the Jenkins build step of a HCL OneTest™ Server Jenkins plugin to establish a trusted and secure connection between the Jenkins server and HCL OneTest™ Server.
Before you begin
You must have configured the certificate that is used by HCL OneTest™ Server as a trusted CA, and then install HCL OneTest™ Server. See Installation of the server software.
About this task
If the SSL certificate assigned to HCL OneTest™ Server is signed by an internal Certified Authority (CA), then you must download and import the CA certificate to a custom trust store. You can then use the custom trust store in the Jenkins plugin build step to establish a trusted and secure connection between the Jenkins server and HCL OneTest™ Server.
When you use Red Hat Enterprise Linux (RHEL) operating systems for Jenkins, you must run the Jenkins service with a user who has access to the custom trust store path to utilize the custom trust store feature. To change the Jenkins user, you must open the /etc/sysconfig/jenkins file and set the JENKINS_USER to the user who has access to the custom trust store path.
$JENKINS_USER= <username>
For example, $JENKINS_USER= <user1>
You can then run the following commands to change the ownership of the Jenkins folder:
chown -R username:username /var/lib/jenkins
chown -R username:username /var/cache/jenkins
chown -R username:username /var/log/jenkins
For example,
chown -R user1:user1 /var/lib/jenkins
chown -R user1:user1 /var/cache/jenkins
chown -R user1:user1 /var/log/jenkins
/etc/init.d/jenkins restart
Procedure
- Locate the default trust store file (cacerts file) in your JRE directory from your computer, and then copy the file to a location of your choice on your computer.
-
Run the following command from the command prompt or terminal to import the CA
certificate to your custom trust store:
keytool -import -trustcacerts -file <path to the downloaded CA certificate with the file extension> -alias <custom label for the certificate> -keystore <path to the trust store>
For example,
keytool -import -trustcacerts -file C:\Users\ca file.crt -alias alias1 -keystore D:\cert\cacerts
Note: The default password of the trust store is changeit. It remains the same for the custom trust store. If you want to change the password, you can run the following command, and then enter the new password:keytool -storepasswd -keystore <path to the trust store>
For example,
keytool -storepasswd -keystore D:\cert\cacerts