reference:

reference

integration with pipeline

aql

Jenkins Artifactory Plugin AQL download latest artifact matching pattern

example

Artifactory SSL Certification

get remote cert

$ openssl s_client -showcerts -connect <domain.com>:<port>

#i.e.
$ echo -n |
       openssl s_client -connect <domain.com>:<port> -debug |
       sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > <domain>.crt
# or
$ keytool -printcert \
          -rfc \
          -sslserver <domain.com>:<port> > <domain>.crt
# or
# https://www.howtouselinux.com/post/openssl-command-to-generate-view-check-certificate
$ echo -n |
       openssl s_client \
              [-servername <domain.com>] \
              -connect <domain.com>:<port> 2>/dev/null |
       openssl x509

Note

if issue (i:) is the same as subject (s:). Therefore, this is the root certificat. i.e. :

$ openssl s_client -connect cdn.redhat.com:443 -showcerts < /dev/null
Certificate chain
 0 s:C = US, ST = North Carolina, O = "Red Hat, Inc.", OU = Red Hat Network, CN = cdn.redhat.com
   i:C = US, ST = North Carolina, O = "Red Hat, Inc.", OU = Red Hat Network, CN = Red Hat Entitlement Operations Authority, emailAddress = ca-support@redhat.com
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
 1 s:C = US, ST = North Carolina, O = "Red Hat, Inc.", OU = Red Hat Network, CN = Red Hat Entitlement Operations Authority, emailAddress = ca-support@redhat.com
   i:C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", OU = Red Hat Network, CN = Entitlement Master CA, emailAddress = ca-support@redhat.com
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
 2 s:C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", OU = Red Hat Network, CN = Entitlement Master CA, emailAddress = ca-support@redhat.com
   i:C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", OU = Red Hat Network, CN = Entitlement Master CA, emailAddress = ca-support@redhat.com
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

import to truststore

$ sudo keytool -importcert \
               -keystore /usr/local/java/jdk1.8.0_60/jre/lib/security/cacerts \
               -storepass changeit \
               -file <domain>.crt \
               -alias "<domain>-crt"

configuration

allow partial folder in particular repo

allow temp && demo, and disallow sprint && weekly
1.4.6.1 -- allow temp && demo, and disallow sprint && weekly

access token

generating expirable tokens

  • from version 7.21.1, this can be specified by setting the token.max-expiry parameter in the $JFROG_HOME/artifactory/var/etc/artifactory/access.config.yml file ( prior to version 7.21.1, the parameter to set was artifactory.access.token.non.admin.max.expires.in ).
  • if the token.max-expiry is equal to 0 (which is the default), there is no limitation to the token expiry. However, if the maximum expiry is greater than 0, the user cannot create a non-expirable token.
  • the token.max-expiry parameter must be set to a value higher than the token.default-expiry parameter value.
Copyright © marslo 2020-2023 all right reserved,powered by GitbookLast Modified: 2024-03-12 15:01:28

results matching ""

    No results matching ""