Webhook SSL problem

Hi all,
I’m after some help with an SSL issue.
I’ve recently updated our Jenkins SSL to use our Enterprise CA signed certificate and that is working ok, everything looks good in browsers, but we have a webhook that connects to our Bitbucket server and was working and kicking off builds when the server had a self-signed certificate, but now throws an error that it is using http and not https.
When I check bitbucket with a browser, the certificate and CA chain look fine, but if I check using an
openssl s_client -connect bitbucket.url:443 -showcerts
from a different server in a terminal session, it returns a self-signed certificate, so I’m thinking I’ll re-install the certificates on the server, but I’m not sure that will resolve it.
The bitbucket server is running inside a docker container.
The IT Support guy that set it up originally is no longer with us and his notes (what little there is of them) sort of indicate that the Jenkins certificate needs to be installed on the bitbucket server, but that doesn’t sound right to me, but I don’t work with containers much.
Can someone provide me with the correct steps to get this webhook working with https? Is it correct that the Jenkins cert gets installed inside the bitbucket container?
Thanks

Hello,

To me, the SSL certificate of Jenkins does not need to be installed on the Bitbucket server.

Instead, the Bitbucket server needs to have its own SSL certificate installed.

As far as I understand, the SSL certificate is used to establish a secure connection between the client (in this case, Jenkins) and the server (Bitbucket).

Thank you. I appreciate that. I’m glad it is not just me that thought it didn’t sound right…
I’m just not quite clear on the container side of things, but I’ll reinstall the CA chain and server certs tomorrow and see how things are after that.
Cheers

I’m not sure if I understand your problem correctly. What is the direction of the webhook? I would assume that bitbucket is calling a url in Jenkins. Then checking the certificate of bitbucket is not relevant. You will need to check the certificate of Jenkins with openssl.
To work properly your bitbucket server will need to have your Enterprise CA certificate in its truststore and Jenkins must ensure that it sends all intermediate certificates (it is common practice not to sign certificates of servers with the Root CA but with an intermediate certificate).

Hey Markus, thanks for the reply. Sorry if I wasn’t clear.
It’s sorted now. The CA cert being used was old. Once I updated it, everything is working as expected.
Cheers,
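
The two failure modes discussed in this thread (a server that does not send its intermediate certificate, and a client truststore that holds an old CA certificate) can be reproduced offline. This is an added example, not code from any poster: it builds a throwaway PKI with `openssl`, and every name in it (`jenkins.example.test`, `Demo Root CA`, `Demo Intermediate CA`, the file names) is an assumption.

```shell
#!/bin/sh
# Constructed demo PKI with throwaway keys and hypothetical names:
#   Demo Root CA -> Demo Intermediate CA -> jenkins.example.test
new_csr() {  # new_csr <basename> <CN>: fresh key and CSR in $PKI
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$PKI/$1.key" -out "$PKI/$1.csr" 2>/dev/null
}

sign() {  # sign <basename> <extfile> <signing options...>
  b=$1 ext=$2; shift 2
  openssl x509 -req -in "$PKI/$b.csr" -days 2 -extfile "$PKI/$ext" \
    -out "$PKI/$b.pem" "$@" 2>/dev/null
}

make_pki() {  # make_pki <dir>
  PKI=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$PKI/ca.ext"
  printf 'subjectAltName=DNS:jenkins.example.test\n' > "$PKI/leaf.ext"
  # "oldroot" has the same name as "root" but another key: a stale CA cert.
  for r in root oldroot; do
    new_csr "$r" "Demo Root CA" && sign "$r" ca.ext -signkey "$PKI/$r.key" || return 1
  done
  new_csr int "Demo Intermediate CA" &&
    sign int ca.ext -CA "$PKI/root.pem" -CAkey "$PKI/root.key" -CAcreateserial &&
    new_csr leaf "jenkins.example.test" &&
    sign leaf leaf.ext -CA "$PKI/int.pem" -CAkey "$PKI/int.key" -CAcreateserial &&
    cat "$PKI/leaf.pem" "$PKI/int.pem" > "$PKI/fullchain.pem"
}

# check_chain <trusted-root.pem> <what-the-server-sends.pem>
# The first cert in the second file is the server cert; any others are
# untrusted intermediates, as in the chain a client receives in a handshake.
check_chain() {
  if openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
  then echo ok; else echo fail; fi
}

D=$(mktemp -d) && trap 'rm -rf "$D"' EXIT
make_pki "$D" || { echo "openssl could not build the demo PKI" >&2; exit 1; }
echo "current root, leaf + intermediate sent: $(check_chain "$D/root.pem" "$D/fullchain.pem")"
echo "current root, leaf only sent:           $(check_chain "$D/root.pem" "$D/leaf.pem")"
echo "stale root,   leaf + intermediate sent: $(check_chain "$D/oldroot.pem" "$D/fullchain.pem")"
```

Only the first combination verifies; a browser can hide the second case by filling in a missing intermediate from its own cache, which a server-side webhook client typically does not do.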