Using a custom trust store

You must use a custom trust store in the Jenkins build to establish a trusted and secure connection between the Jenkins server and HCL DevOps Test Hub (Test Hub).

Before you begin

You must have completed the following tasks:
  • Saved the Certificate Authority (CA) assigned to Test Hub.
    Note: You can contact the administrator of Test Hub if you do not have a copy of the CA.
  • Installed Java on the computer from where you access the Test Hub UI.

About this task

If the SSL certificate assigned to Test Hub is signed by an internal CA, then you must download and import the CA to a custom trust store. You can then use the custom trust store in the Jenkins build step to establish a trusted and secure connection between the Jenkins server and Test Hub.

Note: If the internal CA is already imported to the default trust store that is used by the Jenkins server, you need not use a custom trust store.
Restriction:

When you use Red Hat Enterprise Linux (RHEL) operating systems for Jenkins, you must run the Jenkins service with a user who has access to the custom trust store path to utilize the custom trust store feature. To change the Jenkins user, you must open the /etc/sysconfig/jenkins file and set the JENKINS_USER to the user who has access to the custom trust store path.

You can then run the following commands to set JENKINS_USER to another user who has access to the path of the custom trust store:
$JENKINS_USER= <username>

For example, $JENKINS_USER= <user1>

Note: You must ensure that the user account is available in the /etc/passwd file.

You can then run the following commands to change the ownership of the Jenkins folder:

chown -R username:username /var/lib/jenkins
chown -R username:username /var/cache/jenkins
chown -R username:username /var/log/jenkins

For example,

chown -R user1:user1 /var/lib/jenkins

chown -R user1:user1 /var/cache/jenkins

chown -R user1:user1 /var/log/jenkins

After the change of ownership is complete, you can run the following command to restart the Jenkins server:
/etc/init.d/jenkins restart

Procedure

  1. Locate the default trust store file (cacerts file) from the JRE directory.
    For example: C:\Program Files\Java\jdk-18.0.1.1\lib\security
  2. Copy the cacerts file to a location of your choice on your computer.
  3. Place the CA assigned to Test Hub in the same location where you saved the cacerts file.
  4. Run the following command from the command-line interface or terminal to import the CA of Test Hub to custom trust store:
    keytool -import -trustcacerts -file {path to the downloaded CA with the file extension} -alias {label for the certificate} -keystore {path to the trust store cacerts file}

    For example,

    keytool -import -trustcacerts -file C:\Users\Desktop\cert\ca-master-hcl.crt -alias "otsca" -keystore C:\Users\Desktop\cert\cacerts

    Note: The default password of the trust store is changeit. It remains the same for the custom trust store. If you want to change the password, you can run the following command, and then enter the new password:
    keytool -storepasswd -keystore {path to the trust store cacerts file}

    For example, keytool -storepasswd -keystore C:\Users\Desktop\cert\cacerts

Results

You have successfully imported the downloaded CA to the custom trust store.

What to do next

You can run test assets either from Freestyle or Pipeline project from the Jenkins server.