Hudson and https

Hudson and https

Jon Schewe
I would like to have hudson use https so that the passwords sent to
hudson are secured. The first thing I tried was to specify a keystore
and then pass the appropriate winstone parameters to my hudson startup.
This works if I have keytool generate me a certificate, however if I
create a CSR and then sign it with my CA, then winstone gives me errors
about unsupported cipher.
[Winstone 2009/04/24 16:59:12] - Error during HTTPS listener init or shutdown
javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
        at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:307)
        at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:253)
        at winstone.HttpListener.run(HttpListener.java:127)
        at java.lang.Thread.run(Thread.java:619)

I then tried apache as the front end with ajp and that works with http,
but when using https I get errors about invalid AJP headers. My guess is
that AJP doesn't like the SSL data from Apache. I see I can also run
hudson inside Tomcat.

Has anyone else secured a hudson installation using https before and
what did they find worked the best? How about these unsupported cipher
errors?


--
Jon Schewe | http://mtu.net/~jpschewe
If you see an attachment named signature.asc, this is my digital
signature. See http://www.gnupg.org for more information.

For I am convinced that neither death nor life, neither angels nor
demons, neither the present nor the future, nor any powers,
neither height nor depth, nor anything else in all creation, will
be able to separate us from the love of God that is in Christ
Jesus our Lord. - Romans 8:38-39


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


Re: Hudson and https

Jon Schewe
For those that may be interested, I found the answer at
http://www.agentbob.info/agentbob/79-AB.html

Jon Schewe wrote:

> I would like to have hudson use https so that the passwords sent to
> hudson are secured. The first thing I tried was to specify a keystore
> and then pass the appropriate winstone parameters to my hudson startup.
> This works if I have keytool generate me a certificate, however if I
> create a CSR and then sign it with my CA, then winstone gives me errors
> about unsupported cipher.
> [Winstone 2009/04/24 16:59:12] - Error during HTTPS listener init or shutdown
> javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
>         at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:307)
>         at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:253)
>         at winstone.HttpListener.run(HttpListener.java:127)
>         at java.lang.Thread.run(Thread.java:619)
>
> I then tried apache as the front end with ajp and that works with http,
> but when using https I get errors about invalid AJP headers. My guess is
> that AJP doesn't like the SSL data from Apache. I see I can also run
> hudson inside Tomcat.
>
> Has anyone else secured a hudson installation using https before and
> what did they find worked the best? How about these unsupported cipher
> errors?
>
>
>  

--
Jon Schewe | http://mtu.net/~jpschewe
If you see an attachment named signature.asc, this is my digital
signature. See http://www.gnupg.org for more information.

For I am convinced that neither death nor life, neither angels nor
demons, neither the present nor the future, nor any powers,
neither height nor depth, nor anything else in all creation, will
be able to separate us from the love of God that is in Christ
Jesus our Lord. - Romans 8:38-39




Re: Re: Hudson and https

Aleksandar Kostadinov
:) I had yesterday to extract a private key from the keystore so I know
the pain. I see the reverse is no better.

Jon Schewe wrote, On 12/23/-28158 09:59 PM (EEST):

> For those that may be interested, I found the answer at
> http://www.agentbob.info/agentbob/79-AB.html
>
> Jon Schewe wrote:
>> I would like to have hudson use https so that the passwords sent to
>> hudson are secured. The first thing I tried was to specify a keystore
>> and then pass the appropriate winstone parameters to my hudson startup.
>> This works if I have keytool generate me a certificate, however if I
>> create a CSR and then sign it with my CA, then winstone gives me errors
>> about unsupported cipher.
>> [Winstone 2009/04/24 16:59:12] - Error during HTTPS listener init or shutdown
>> javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
>>         at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:307)
>>         at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:253)
>>         at winstone.HttpListener.run(HttpListener.java:127)
>>         at java.lang.Thread.run(Thread.java:619)
>>
>> I then tried apache as the front end with ajp and that works with http,
>> but when using https I get errors about invalid AJP headers. My guess is
>> that AJP doesn't like the SSL data from Apache. I see I can also run
>> hudson inside Tomcat.
>>
>> Has anyone else secured a hudson installation using https before and
>> what did they find worked the best? How about these unsupported cipher
>> errors?
>>
>>
>>  
>

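Added example, not part of the thread or of the linked page: a keystore that holds the CA-signed certificate but no private-key entry is one frequent cause of the SSLException quoted above, and a signed certificate imported under a second alias leaves the listener serving the self-signed one. The script below checks `keytool -list -v` output for both mistakes; the alias names, subject names and sample listings are constructed, and the entry-type labels assume the output format of current JDK keytool.

```python
import re

def parse_entries(listing):
    """Split `keytool -list -v` text into one dict per alias."""
    def field(block, name):
        return [v.strip() for v in re.findall(rf"(?m)^{name}: (.+)$", block)]
    return [{"alias": field(b, "Alias name")[0],
             "type": (field(b, "Entry type") or ["unknown"])[0],
             "owners": field(b, "Owner"), "issuers": field(b, "Issuer")}
            for b in re.split(r"(?m)^(?=Alias name: )", listing)[1:]]

def diagnose(listing):
    """Report import mistakes that leave no CA-signed key pair to serve."""
    entries = parse_entries(listing)
    keys = [e for e in entries if e["type"] == "PrivateKeyEntry"]
    findings = []
    if not keys:
        findings.append("no PrivateKeyEntry: certificates only, no private key")
    for k in keys:
        if k["owners"] and k["owners"][:1] == k["issuers"][:1]:
            findings.append(f"{k['alias']}: key entry is still self-signed")
        for e in entries:
            if e["type"] == "trustedCertEntry" and e["owners"][:1] == k["owners"][:1]:
                findings.append(f"{e['alias']}: CA reply is a separate entry, not under {k['alias']}")
    return findings

# Constructed, trimmed listings (not from the thread); all names are placeholders.
CERT_ONLY = """Alias name: hudson
Entry type: trustedCertEntry
Owner: CN=hudson.example.org
Issuer: CN=Example Internal CA
"""
WRONG_ALIAS = """Alias name: hudson
Entry type: PrivateKeyEntry
Owner: CN=hudson.example.org
Issuer: CN=hudson.example.org
Alias name: signed
Entry type: trustedCertEntry
Owner: CN=hudson.example.org
Issuer: CN=Example Internal CA
"""
GOOD = """Alias name: hudson
Entry type: PrivateKeyEntry
Owner: CN=hudson.example.org
Issuer: CN=Example Internal CA
"""

if __name__ == "__main__":
    for text in (CERT_ONLY, WRONG_ALIAS, GOOD):
        print(diagnose(text) or "ok")
```

To check a real keystore, pass the text printed by `keytool -list -v -keystore <file>` to `diagnose()`; an empty list means the key entry carries a certificate issued by someone other than itself.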