If you use certificates that are generated in-house, self-signed, or signed by a non-established Certificate Authority, they must be registered with each client system that will connect to the TeamForge server. Registration consists of importing custom certificates into the Java runtime’s global keystore on each server.
Collect the server certificates from all servers. On RHEL, CentOS and other Red Hat-based distributions, these are contained in
/etc/httpd/conf/ssl.crt/server.crt.
Important: Be sure to use exactly this path. There are other files with similar names, and while server certificates are not really secret, some of those other files are. Copy the certificate files (e.g., via scp) to the same directory, renaming them if necessary to avoid conflicts. It is recommended that you name each file after the short server name of the corresponding server.
Locate the Java keystore.
PATH_TO_JAVA/jre/lib/security/cacerts. For example, this may be
Locate the Java keytool utility.
Import each server certificate into the keystore.
PATH_TO_JAVA/bin/keytool -import -keystore PATH_TO_JAVA/jre/lib/security/cacerts -file <server>.crt -alias <server>
Note: Any value is accepted for <server> in -alias.
- At the password prompt, use changeit. Confirm that you trust the certificate by typing yes.
- Verify that all your certificates are added.
PATH_TO_JAVA/bin/keytool -list -keystore PATH_TO_JAVA/jre/lib/security/cacerts | less
Note: The list will contain many more certificates. These are top-level CA certificates, provided with Java.
- If you are running more than one separate server, repeat these steps for each server.
- Restart TeamForge.
From now on, you can select the Use SSL check box, if required, when creating an SCM integration.
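The import steps above as a script, added here as an example and not part of the TeamForge documentation. It refuses any file that contains private key material before handing it to keytool, which guards against copying the wrong one of the similarly named files. Assumptions: the certificates are PEM-encoded, PATH_TO_JAVA is set in the environment, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: import collected server certificates into the Java keystore.
# Assumption: PATH_TO_JAVA is exported and points at the Java installation.

# Succeeds only for a PEM file that holds a certificate and no private key.
is_public_cert() {
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || return 1
    if grep -q -e 'PRIVATE KEY-----' "$1"; then return 1; fi
    return 0
}

# Alias is the file name without directory and .crt suffix,
# i.e. the short server name the file was renamed to.
cert_alias() {
    basename "$1" .crt
}

# Import each given file. keytool still prompts for the keystore password
# and for trust confirmation, exactly as in the manual steps.
import_certs() {
    keytool="$PATH_TO_JAVA/bin/keytool"
    keystore="$PATH_TO_JAVA/jre/lib/security/cacerts"
    rc=0
    for crt in "$@"; do
        if ! is_public_cert "$crt"; then
            echo "skipping $crt: not a certificate-only PEM file" >&2
            rc=1
            continue
        fi
        name=$(cert_alias "$crt")
        # Print the fingerprint so it can be compared with the copy on the
        # originating server before you answer "yes" to the trust prompt.
        "$keytool" -printcert -file "$crt" || { rc=1; continue; }
        "$keytool" -import -keystore "$keystore" -file "$crt" -alias "$name" || rc=1
    done
    return "$rc"
}

# Run only when certificate files are given on the command line.
if [ "$#" -gt 0 ]; then
    : "${PATH_TO_JAVA:?set PATH_TO_JAVA to the Java installation directory}"
    import_certs "$@"
fi
```

Save it under any name and pass the collected .crt files as arguments; a non-zero exit status means at least one file was skipped or failed to import.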