YouTrack Server 2024.3 Help

TLS Server Certificates and Keystores

To secure the connection to your YouTrack server with the built-in TLS, you must have a server certificate and private key, or a keystore.

For a production environment, we urge you to obtain an SSL certificate from a trusted Certificate Authority.

However, for testing and evaluation purposes, you can use a self-signed certificate. There are several tools that let you create SSL keys and certificates. This page describes a procedure for creating a self-signed server certificate with the OpenSSL toolkit.

Create a Self-signed Server Certificate

To create a self-signed server certificate using OpenSSL:

  1. Generate a new 2048-bit RSA key:

    openssl genrsa -out YouTrack_Server_TLS.pem 2048
  2. Generate a certificate request for the generated key:

    openssl req -new -key YouTrack_Server_TLS.pem -out YouTrack_Server_TLS_req.csr

    As the Common Name parameter, set the fully qualified domain name (FQDN) of your server. The service will be available through the generated server certificate by the URL:

    https://<FQDN of your server>:<port>/
  3. To generate a certificate of the v3 version, you must first create a configuration file and provide it during the certificate generation. Create a text configuration file, let's name it v3.ext, with the following content:

    authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
  4. Generate a v3 certificate:

    openssl x509 -in YouTrack_Server_TLS_req.csr -out YouTrack_Server_TLS_cert.pem -req -signkey YouTrack_Server_TLS.pem -days 3650 -extfile v3.ext

    Result: You have a self-signed server certificate YouTrack_Server_TLS_cert.pem and its private key that are ready for upload to YouTrack. To secure your installation, upload the private key and certificate during a standard installation or upgrade.

To install the certificate and private key:

  1. Start a standard installation or upgrade procedure that is appropriate for your current installation and operating system. For specific instructions, see Installation and Upgrade.

  2. Once the web-based configuration wizard launches, select the option to Set up or Upgrade your installation.

    Installation options in the configuration wizard.
  3. On the Confirm Settings page, switch to the HTTPS configuration. In the Server Certificate section, switch to the Private key and certificate settings.

    Installation options in the configuration wizard.
  4. For the Private key, upload the newly created YouTrack_Server_TLS.pem file.

  5. For the Certificate, upload the newly created YouTrack_Server_TLS_cert.pem file.

  6. Continue with the standard installation or upgrade. When done, traffic to your YouTrack server is secured using the self-signed certificate.

Last modified: 09 October 2024