Using a custom trust store
You must use a custom trust store in the Jenkins build to establish a trusted and secure connection between the Jenkins server and HCL OneTest™ Server.
Before you begin
- Saved the Certificate Authority (CA) assigned to
HCL OneTest™ Server.Note: You can contact the administrator of HCL OneTest™ Server if you do not have a copy of the CA.
- Installed Java on the computer from where you access the HCL OneTest™ Server UI.
About this task
If the SSL certificate assigned to HCL OneTest™ Server is signed by an internal CA, then you must download and import the CA to a custom trust store. You can then use the custom trust store in the Jenkins build step to establish a trusted and secure connection between the Jenkins server and HCL OneTest™ Server.
When you use Red Hat Enterprise Linux (RHEL) operating systems for Jenkins, you must run the Jenkins service with a user who has access to the custom trust store path to utilize the custom trust store feature. To change the Jenkins user, you must open the /etc/sysconfig/jenkins file and set the JENKINS_USER to the user who has access to the custom trust store path.
$JENKINS_USER= <username>
For example, $JENKINS_USER= <user1>
You can then run the following commands to change the ownership of the Jenkins folder:
chown -R username:username /var/lib/jenkins
chown -R username:username /var/cache/jenkins
chown -R username:username /var/log/jenkins
For example,
chown -R user1:user1 /var/lib/jenkins
chown -R user1:user1 /var/cache/jenkins
chown -R user1:user1 /var/log/jenkins
/etc/init.d/jenkins restart
Procedure
-
Locate the default trust store file (cacerts file) from
the JRE directory.
For example: C:\Program Files\Java\jdk-18.0.1.1\lib\security
- Copy the cacerts file to a location of your choice on your computer.
- Place the CA assigned to HCL OneTest™ Server in the same location where you saved the cacerts file.
-
Run the following command from the command-line interface or terminal to import
the CA of HCL OneTest™ Server to
custom trust store:
keytool -import -trustcacerts -file {path to the downloaded CA with the file extension} -alias {label for the certificate} -keystore {path to the trust store cacerts file}
For example,
keytool -import -trustcacerts -file C:\Users\Desktop\cert\ca-master-hcl.crt -alias "otsca" -keystore C:\Users\Desktop\cert\cacerts
Note: The default password of the trust store is changeit. It remains the same for the custom trust store. If you want to change the password, you can run the following command, and then enter the new password:keytool -storepasswd -keystore {path to the trust store cacerts file}
For example,
keytool -storepasswd -keystore C:\Users\Desktop\cert\cacerts