To use a self-signed or custom server certificate for
rd, you will need to do the following:
- Import the certificate to a truststore/keystore
- Set the JVM properties needed to use the truststore
(Note: if you want to skip the rigamarole, and simply accept all SSL certificates without verification, see Configuration - Insecure SSL
1. Import the certificate
You can get the server certificate in many ways, (e.g. connect to the server in a web browser, allow the unsafe connection, then use the browser to download the certificate.)
Otherwise you can use the
openssl tool (unix) to print it directly.
CERTFILE to paths to create the cert and keystore:
export CERTFILE=server-cert.txt export KEYSTORE=mykeystore
PORT environment variables to your HTTPS server host and port:
openssl s_client -connect $HOST:$PORT 2>&1 \ | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' \ > $CERTFILE
You can also see the signature by using the Java
keytool to print it:
keytool -printcert -sslserver $HOST:$PORT
Next create a new keystore and import the certificate:
keytool -import -file $CERTFILE \ -alias $HOST \ -keystore $KEYSTORE \ -noprompt \ # this will skip the prompt to trust the certificate -storepass CHANGEME # change to another password
(Or leave off the
-storepass to be prompted to enter a password).
Now you have imported the certifcate into the keystore we can use to connect to the server.
If you used a different trust store “type” you can also set that with this opt:
Then, Setup your Rundeck connection info, and you can use
export RUNDECK_URL="https://$HOST:$PORT/api/18" export RUNDECK_TOKEN="..." rd system