SSL and HTTPS
You can configure Incredibuild to use secure communication between internal components (SSL), and to use HTTPS and port 8081 (by default) when accessing the Incredibuild Agent user interfaces. The Incredibuild Coordinator user interface can only be accessed through HTTPS.
You can use Incredibuild's self-signed certificate, or add a custom certificate.
Enable SSL
Go to the Coordinator Monitor > Settings > General tab and click Enable SSL:
Accessing the Agent UI through the Coordinator HTTPS
You can reroute traffic to Agent machines through your Coordinator HTTPS. This enables access to the Agent user interfaces without needing to install certificates on the Agent machines.
Go to the Coordinator Monitor > Settings > General tab and click Access Agent UI via Coordinator HTTPS
Using a Custom SSL Certificate
By default, Incredibuild's self-signed certificate is used for authentication. You can use a custom certificate by manually uploading it:
-
Run the script to install certificates.
/opt/incredibuild/management/ib_cert.sh install <cert> <key>
-
Where <cert> can be a single server certificate, or the full certificate chain.
-
The certificates and keys can be PEM or DER formats, and the key cannot be password protected.
-
If you are using the full certificate chain, it must be in either PKCS7 format (.p7b files in both PEM and DER formats) or a list of concatenated pem certificates.
-
-
Run this script on every machine that you want to use this certificate.
-
Make sure that all machines in your environment trust the certificates you just added.
-
If your certificate only includes a single server certificate, clients in your environment must contain the root CA and intermediate CAs in their trusted certificate store.
-
If your certificate includes the full certificate chain, clients in your environment must contain the root CA in their trusted certificate store.
-
-
If you added certificates on the Coordinator machine, restart the Manager Service on the Coordinator.
sudo /opt/incredibuild_management/ib_manager/etc/manager-services.sh stop
sudo /opt/incredibuild_management/ib_manager/etc/manager-services.sh start
Switch Certificates
If you have more than one certificate loaded into Incredibuild, you can switch using the following command:
/opt/incredibuild/management/ib_cert.sh select ib|user
If you changed the certificate on the Coordinator machine, restart the Manager Service on the Coordinator.
sudo /opt/incredibuild_management/ib_manager/etc/manager-services.sh stop
sudo /opt/incredibuild_management/ib_manager/etc/manager-services.sh start
Regenerate Incredibuild's Self-Signed Certificate
If your certificate expired or you want to regenerate Incredibuild's certificate for any other reason, use the following command:
/opt/incredibuild/management/ib_cert.sh regenerate
If you changed the certificate on the Coordinator machine, restart the Manager Service on the Coordinator.
sudo /opt/incredibuild_management/ib_manager/etc/manager-services.sh stop
sudo /opt/incredibuild_management/ib_manager/etc/manager-services.sh start