Using Artifactory 5.x ?
JFrog Artifactory 5.x User Guide

Have a question? Want to report an issue? Contact JFrog support

Skip to end of metadata
Go to start of metadata


For several security features that you want to use over a secure connection (such as LDAPS, Secure Active Directory, or Secure OAuth), you may configure Artifactory to allow a non-trusted self-signed certificate

Page Contents

Configuring a Self-Signed Certificate

If you want to use a non-trusted (self-signed) certificate, please follow the steps below (thanks to Marc Schoechlin for providing this information):

  1. Download the CA of the ssl secured server
    openssl s_client -connect <secure authentication server IP and port> -showcerts < /dev/null >


    LDAP or Active Directory:
    openssl s_client -connect -showcerts < /dev/null >

    OAuth (Use the Authorization URL). For example, with GitHub:
    openssl s_client -connect -showcerts < /dev/null > 

  2. Identify the CA certificate and keep only the ascii-text between BEGIN/END CERTIFICATE maker
  3. Identify the standard cacerts file of your Java installation
  4. Create a custom cacerts file by copying the cacerts file to the Artifactory configuration dir, e.g.
    cp /usr/lib64/jvm/java-1_6_0-ibm-1.6.0/jre/lib/security/cacerts /etc/opt/jfrog/artifactory/
  5. Import the CA certificate into the customized cacerts file
    keytool -import -alias myca -keystore /etc/opt/jfrog/artifactory/cacerts -trustcacerts -file
    => Password: changeit
    => Agree to add the certificate
  6. Change permissions for the artifactory user
    chmod 755 /etc/opt/jfrog/artifactory/cacerts
    chown artifactory:users /etc/opt/jfrog/artifactory/cacerts
  7. Modify the defaults of the Artifactory JVM to use the custom cacerts file
    echo "export JAVA_OPTIONS=\"\$JAVA_OPTIONS\"" >> /etc/opt/jfrog/artifactory/default
  8. Restart Artifactory




  • No labels