SSL and HTTPS

You can configure Incredibuild to use secure communication between internal components (SSL), and to use HTTPS and port 8081 (by default) when accessing the Incredibuild Agent user interfaces. The Incredibuild Coordinator user interface can only be accessed through HTTPS.

You can use Incredibuild's self-signed certificate, or add a custom certificate.

Enable SSL

Go to the Coordinator Monitor > Settings > General tab and click Enable SSL:

Accessing the Agent UI through the Coordinator HTTPS

You can reroute traffic to Agent machines through your Coordinator HTTPS. This enables access to the Agent user interfaces without needing to install certificates on the Agent machines.

Go to the Coordinator Monitor > Settings > General tab and click Access Agent UI via Coordinator HTTPS

Using a Custom SSL Certificate

By default, Incredibuild's self-signed certificate is used for authentication. You can use a custom certificate by manually uploading it:

  1. Run the script to install certificates.

    /opt/incredibuild/management/ib_cert.sh install <cert> <key>

    • Where <cert> can be a single server certificate, or the full certificate chain.

    • The certificates and keys can be PEM or DER formats, and the key cannot be password protected.

    • If you are using the full certificate chain, it must be in either PKCS7 format (.p7b files in both PEM and DER formats) or a list of concatenated pem certificates.

  2. Run this script on every machine that you want to use this certificate.

  3. Make sure that all machines in your environment trust the certificates you just added.

    • If your certificate only includes a single server certificate, clients in your environment must contain the root CA and intermediate CAs in their trusted certificate store.

    • If your certificate includes the full certificate chain, clients in your environment must contain the root CA in their trusted certificate store.

  4. If you added certificates on the Coordinator machine, restart the Manager Service on the Coordinator.

    sudo /opt/incredibuild_management/ib_manager/etc/manager-services.sh stop

    sudo /opt/incredibuild_management/ib_manager/etc/manager-services.sh start

Switch Certificates

If you have more than one certificate loaded into Incredibuild, you can switch using the following command:

/opt/incredibuild/management/ib_cert.sh select ib|user

If you changed the certificate on the Coordinator machine, restart the Manager Service on the Coordinator.

sudo /opt/incredibuild_management/ib_manager/etc/manager-services.sh stop

sudo /opt/incredibuild_management/ib_manager/etc/manager-services.sh start

Regenerate Incredibuild's Self-Signed Certificate

If your certificate expired or you want to regenerate Incredibuild's certificate for any other reason, use the following command:

/opt/incredibuild/management/ib_cert.sh regenerate

If you changed the certificate on the Coordinator machine, restart the Manager Service on the Coordinator.

sudo /opt/incredibuild_management/ib_manager/etc/manager-services.sh stop

sudo /opt/incredibuild_management/ib_manager/etc/manager-services.sh start