MacOS Jenkins: Locate JRE and import self-signed certificate

Newbie here with macOS.

We installed Jenkins on MacOS.

I need to know which JREs and cacerts it uses, because I need to import the self-signed certificate of GitHub Enterprise Server for integration. I have an SSL error and am trying to follow the Resolving PKIX-path-building-failed-error-message guide I successfully completed in Windows .

In a Windows Jenkins installation, it has its own JENKINS_HOME/jre folder where lib/security/cacerts can be found.

Question 1 : Where/how to find the jre used by Jenkins in MacOS?

What I've found so far is that in java_home

/usr/libexec/java_home

But this one I'm not so sure about because my next step fails with results.

Question 2 : How to add the truststore and password of the modified cacerts file to the jenkins startup?

Using jre in /usr/libexec/java_home, I have copied /jre/lib/security/cacerts to my JENKINS_HOME/custom-keystore/cacerts and imported the self-signed certificate there.

sudo keytool -importcert -alias github -file JENKINS_HOME/custom-keystore/selfsigned.cer -keystore JENKINS_HOME/custom-keystore/cacerts

After that, I modified the Jenkins startup parameters:

-Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacert
-Djavax.net.ssl.trustStorePassword=changeit

use:

defaults write /Library/Preferences/org.jenkins-ci.plist Djavax.net.ssl.keyStore JENKINS_HOME/custom-keystore/cacerts
defaults write /Library/Preferences/org.jenkins-ci.plist Djavax.net.ssl.keyStorePassword changeit

Then restart Jenkins with:

sudo launchctl unload /Library/LaunchDaemons/org.jenkins-ci.plist
sudo launchctl load /Library/LaunchDaemons/org.jenkins-ci.plist

After this, I ran into various issues:

1. Proxy issue - (solved after adding server URL in proxy list - macOS network configuration)

2. GitHub and other previously successful integrations now give the following error:

   javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

Other Questions Am I missing something in my steps?

Is the way I am adding parameters at Jenkins startup the correct way? (In Windows, I just modified jenkins.xml to also use parameters with "-", which doesn't seem to be needed here?)

Do I have to reboot the system since I'm using the Launch Daemon instead of the Launch Agent? - Or should the default unload and load be enough to apply the changes?