Cloud customer?
Start for Free >
Upgrade in MyJFrog >
What's New in Cloud >





Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

You can set up TLS certificates to enable encrypted connections from Xray to PostgreSQL or RabbitMQ.  

Panel
titlePage Contents

Table of Contents
maxLevel2
minLevel2
 


Securing PostgreSQL with TLS Support on Xray

  1. Copy these TLS parameters to /var/opt/jfrog/postgres/data/postgresql.conf.

    Code Block
    ssl = on
    ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL'
    ssl_prefer_server_ciphers = on
    ssl_cert_file = '/full/path/to/postgres/certificates/server.crt'
    ssl_key_file = '/full/path/to/postgres/certificates/server.key'
    ssl_ca_file = '/full/path/to/postgres/certificates/server_ca.crt'
  2. Verify that the certificates have the correct permissions.

    Code Block
    chown postgres /full/path/to/postgres/certificates/* && \
    chgrp postgres /full/path/to/postgres/certificates/* && \
    chmod 600 /full/path/to/postgres/certificates/*
  3. Change the connection string in the /var/opt/jfrog/xray/var/etc/system.yaml file.

    Code Block
    postgres://xray:xray@postgres:5432/xraydb?sslrootcert=/full/path/to/xray/certificates/ca_certificate.crt&sslkey=/full/path/to/xray/certificates/client.key&sslcert=/full/path/to/xray/certificates/client.crt&sslmode=verify-ca
  4. Make sure you have an Xray user and group.

    Code Block
    groupadd -g 1035 xray && \
    adduser xray --uid 1035 --gid 1035
  5. Assign permissions to the certificates.

    Code Block
    chown xray /full/path/to/xray/certificates/* && \
    chgrp xray /full/path/to/xray/certificates/* && \
    chmod 600 /full/path/to/xray/certificates/*
  6. Restart all the Xray services.

    Code Block
    bash /opt/jfrog/xray/scripts/xray.sh restart all

Securing RabbitMQ with TLS Support on Xray

  1. Generate certificates for RabbitMQ and Xray.

    #Create
    Note

    The name "CN=rabbitmq" (which appears twice in the following code) should be a resolvable DNS, and should be used in the system.yaml file when providing the shared.rabbitMq.url (see step 6 below).

    Code Block


    1. Create a

    1. CA

    1. Auth

    1. CSR

    file
    1. file.

      Code Block
      languagebash
      openssl req -new -nodes -text -out ca.csr -keyout ca-key.pem -subj "/CN=certificate-authority"
      
      
    #Create
    1. Create the

    1. server

    Key and Cert
    1. key and cert.

      Code Block
      languagebash
      openssl x509 -req -in ca.csr -text -extfile /etc/ssl/openssl.cnf -extensions v3_ca -signkey ca-key.pem -out ca-cert.pem
      
    1. openssl req -new -nodes -text -out server.csr -keyout server-key.pem -subj "/CN=rabbitmq"
      
    1. openssl x509 -req -in server.csr -text -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem
    #Create
    1. Create the

    1. client

    1. CSR

    and Cert
    1. and cert.

      Code Block
      openssl req -new -nodes -text -out client.csr -keyout client-key.pem -subj "/CN=rabbitmq"

    Copy the ca and server certificates to the following directory.

    Code Block
    languagebash
    titleDocker Compose
    ls -ltr <mounted directory>/xray/var/data/rabbitmq/certs/ total 3 -rw-r--r-- 1 999 docker 1704 Oct 11 15:57 server-key.pem -rw-r--r-- 1 999 docker 993 Oct 11 15:57 server-cert.pem -rw-r--r-- 1 999 docker 1127 Oct 11 15:57 ca-cert.pem
    1. 
      openssl x509 -req -in client.csr -text -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out client-cert.pem
  2. Create the certs directories under $JFROG_HOME/xray/var/data/server and $JFROG_HOME/xray/var/data/rabbitmq.

    Code Block
    languagebash
    titleDEB / RPM
    ls -ltr /opt/jfrogmkdir $JFROG_HOME/xray/var/data/rabbitmqserver/certs/
    
    total 3
    -rw-r--r-- 1 999 docker 1704 Oct 11 15:57 server-key.pem
    -rw-r-mkdir $JFROG_HOME/xray/var/data/rabbitmq/certs
  3. Copy the ca and server certificates to $JFROG_HOME/xray/var/data/rabbitmq/certs and $JFROG_HOME/xray/var/data/server/certs respectively.

    Linux Archive
    Panel
    Code Block
    languagebash
    titleDocker Compose
    ls -ltr <mounted directory>/xray/var/data/server/certs/
    total 3
    -rw-r--r-- 1 
    999 docker
    xray xray 1127 Oct 11 15:55 ca-cert.pem
    -rw-r--r-- 1 xray xray  993 Oct 11 15:
    57
    55 
    server
    client-cert.pem
    -rw-r--r-- 1 
    999
    xray 
    docker
    xray 
    1127
    1704 Oct 11 15:
    57
    55 
    ca
    client-
    cert
    key.pem
    Code Block
    languagebash
    title
    RPM / DEB
    ls -ltr 
    JFROG_HOME
    /opt/jfrog/xray/var/data/
    rabbitmq
    server/certs/
    total 3
    -rw-r--r-- 1 
    999
    xray 
    docker
    xray 
    1704
    1127 Oct 11 15:
    57
    55 
    server
    ca-
    key
    cert.pem
    -rw-r--r-- 1 
    999
    xray 
    docker
    xray  993 Oct 11 15:
    57
    55 
    server
    client-cert.pem
    -rw-r--r-- 1 
    999
    xray 
    docker
    xray 
    1127
    1704 Oct 11 15:
    57
    55 
    ca
    client-
    cert
    key.pem
    Modify the certificate permissions for the RabbitMQ user.Copy the ca and server certificates to the following directory.Docker Compose
    Code Block
    languagebash
    title
    Linux Archive
    chown
    ls -
    R 999:999 <mounted directory>
    ltr JFROG_HOME/xray/var/data/
    rabbitmq/certs
    Code Block
    languagebash
    titleDEB / RPM
    chown -R xray:xray /opt/jfrog/xray/var/data/rabbitmq/certs
    Code Block
    languagebash
    titleLinux Archive
    ## default user and group is xray:xray
    chown -R <xray user>:<xray group> JFROG_HOME/xray/var/data/rabbitmq/certs
    server/certs/
    total 3
    -rw-r--r-- 1 xray xray 1127 Oct 11 15:55 ca-cert.pem
    -rw-r--r-- 1 xray xray  993 Oct 11 15:55 client-cert.pem
    -rw-r--r-- 1 xray xray 1704 Oct 11 15:55 client-key.pem
    ls -ltr <mounted directory>
    Code Block
    languagebash
    titleDocker Compose
    cp ca-cert.pem server-cert.pem server-key.pem $JFROG_HOME/xray/var/data/
    server
    rabbitmq/certs
    /
    
    
    
    total
    cp 
    3 -rw-r--r-- 1 xray xray 1127 Oct 11 15:55 ca
    ca-cert.pem client-cert.pem
    -rw-r--r--
     
    1 xray xray 993 Oct 11 15:55
    client-
    cert
    key.pem
    -rw-r--r-- 1 xray xray 1704 Oct 11 15:55 client-key.pem
    Code Block
    languagebash
    titleRPM / DEB
    ls -ltr /opt/jfrog/
     $JFROG_HOME/xray/var/data/server/certs
    / total 3 -rw-r--r-- 1 xray xray 1127 Oct 11 15:55 ca-cert.pem -rw-r--r-- 1 xray xray 993 Oct 11 15:55 client-cert.pem -rw-r--r-- 1 xray xray 1704 Oct 11 15:55 client-key.pem
    Code Block
    languagebash
    titleLinux Archive
    ls -ltr JFROG_HOME/xray/var/data/server/certs/
    total 3
    -rw-r--r-- 1 xray xray 1127 Oct 11 15:55 ca-cert.pem
    -rw-r--r-- 1 xray xray  993 Oct 11 15:55 client-cert.pem
    -rw-r--r-- 1 xray xray 1704 Oct 11 15:55 client-key.pem
    Info
    titleFor Self-signed Certificates Only

    To ensure that the client trusts self-signed certificates (only), you will need to perform the following steps according to the OS you are using.

    For Docker

    You will need to mount a root ca bundle into each Xray container:

    Code Block
    languagebash
    volumes:
          - /etc/localtime:/etc/localtime:ro
          - "${ROOT_DATA_DIR}/var:/var/opt/jfrog/xray"
          - /opt/jfrog/xray/app/third-party/rabbitmq/rabbitmq-root-ca.crt:/etc/ssl/certs/ca-certificates.crt

    For Linux Archive/Native OS: Debian 8/9/10, Ubuntu 16/18/20

    Copy your root certificate into /usr/local/share/ca-certificates/ and then run the update-ca-certificates command.

    Code Block
    languagebash
    # cp rabbitmq-root-ca.crt /usr/local/share/ca-certificates/
    # update-ca-certificates
    Updating certificates in /etc/ssl/certs...
    1 added, 0 removed; done.
    Running hooks in /etc/ca-certificates/update.d...Adding debian:rabbitmq-root-ca.pem
    done.
    done.

    For Linux Archive/Native OS: CentOS 6/7/8, RHEL 6/7/8

    Copy your root certificate into /etc/pki/ca-trust/source/anchors/ and then run the update-ca-trust command.

    Code Block
    languagebash
    # cp rabbitmq-root-ca.crt /etc/pki/ca-trust/source/anchors/
    # update-ca-trust

    Note that on CentOS 6/RHEL 6 you will have to run an additional command - update-ca-trust force-enable.

    After you add your own root certificate into the system bundle - you can verify the certificate with the following command:

    Code Block
    languagebash
    # openssl verify -verbose /opt
    Info
    titleFor Self-signed Certificates Only

    To ensure that the client trusts self-signed certificates (only), you will need to perform the following steps according to the OS you are using.

    For Docker

    You will need to mount a root ca bundle into each Xray container:

    Code Block
    languagebash
    volumes:
          - /etc/localtime:/etc/localtime:ro
          - "${ROOT_DATA_DIR}/var:/var/opt/jfrog/xray"
          - /opt/jfrog/xray/app/third-party/rabbitmq/rabbitmq-root-ca.crt:/etc/ssl/certs/ca-certificates.crt

    For Linux Archive/Native OS: Debian 8/9/10, Ubuntu 16/18/20

    Copy your root certificate into /usr/local/share/ca-certificates/ and then run the update-ca-certificates command.

    Code Block
    languagebash
    # cp rabbitmq-root-ca.crt /usr/local/share/ca-certificates/
    # update-ca-certificates
    Updating certificates in /etc/ssl/certs...
    1 added, 0 removed; done.
    Running hooks in /etc/ca-certificates/update.d...Adding debian:rabbitmq-root-ca.pem
    done.
    done.

    For Linux Archive/Native OS: CentOS 6/7/8, RHEL 6/7/8

    Copy your root certificate into /etc/pki/ca-trust/source/anchors/ and then run the update-ca-trust command.

    Code Block
    languagebash
    # cp rabbitmq-root-ca.crt /etc/pki/ca-trust/source/anchors/
    # update-ca-trust

    Note that on CentOS 6/RHEL 6 you will have to run an additional command - update-ca-trust force-enable.

    After you add your own root certificate into the system bundle - you can verify the certificate with the following command:

    Code Block
    languagebash
    # openssl verify -verbose /opt/jfrog/xray/var/data/server/certs/rabbitmq-client.crt
    /opt/jfrog/xray/var/data/server/certs/rabbitmq-client.crt: OK
    
    # openssl verify -verbose /opt/jfrog/xray/var/data/rabbitmq/certs/rabbitmq-server.crt
    /opt/jfrog/xray/var/data/rabbitmq/certs/rabbitmq-server.crt: OK
    Otherwise we will get the error
    
    # openssl verify -verbose /opt/jfrog/xray/var/data/server/certs/rabbitmq-client.crt
    /opt/jfrog/xray/var/data/server/certs/rabbitmq-client.crt: CN = rabbitmq
    error 20 at 0 depth lookup:unable to get local issuer certificate
    
    # openssl verify -verbose /opt/jfrog/xray/var/data/rabbitmq/certs/rabbitmq-server.crt
    /opt/jfrog/xray/var/data/serverrabbitmq/certs/rabbitmq-client.crt
    /opt/jfrog/xray/var/data/server/certs/rabbitmq-client.crt: OK
    
    # openssl verify -verbose /opt/jfrog/xray/varserver.crt: CN = rabbitmq
    error 20 at 0 depth lookup:unable to get local issuer certificate
  4. Modify the certificate permissions for the RabbitMQ user.

    Panel
    Code Block
    languagebash
    titleDocker Compose
    chown -R 999:999 <mounted directory>/xray/var/data/rabbitmq/certs/rabbitmq-server.crt
    
    Code Block
    languagebash
    titleDEB / RPM
    chown -R xray:xray /opt/jfrog/xray/var/data/rabbitmq/certs/rabbitmq-server.crt: OK
    Otherwise we will get the error
    
    # openssl verify -verbose /opt/jfrog
    Code Block
    languagebash
    titleLinux Archive
    ## default user and group is xray:xray
    chown -R <xray user>:<xray group> JFROG_HOME/xray/var/data/serverrabbitmq/certs/rabbitmq-client.crt
    
  5. Modify the certificate permissions for the Xray user.

    Panel
    Code Block
    languagebash
    titleDocker Compose
    chown -R 1035:1035 <mounted directory>/xray/var/data/server/certs
    Code Block
    languagebash
    titleRPM / DEB
    chown -R xray:xray /opt/jfrog/xray/var/data/server/certs/rabbitmq-client.crt: CN = rabbitmq
    error 20 at 0 depth lookup:unable to get local issuer certificate
    
    # openssl verify -verbose /opt/jfrog
    Code Block
    titleLinux Archive
    ## default user and group is xray:xray
    chown -R <xray user>:<xray group> JFROG_HOME/xray/var/data/rabbitmqserver/certs/rabbitmq-server.crt
    //
  6. Modify /opt/jfrog/xray/var/

    data/rabbitmq/certs/rabbitmq-server.crt: CN = rabbitmq error 20 at 0 depth lookup:unable to get local issuer certificate

    Modify the certificate permissions for the Xray user.

    Code Block
    languagebash
    titleDocker Compose
    chown -R 1035:1035 <mounted directory>/xray/var/data/server/certs
    Code Block
    languagebash
    titleRPM / DEB
    chown -R xray:xray /opt/jfrog/xray/var/data/server/certs/
    Code Block
    titleLinux Archive
    ## default user and group is xray:xray
    chown -R <xray user>:<xray group> JFROG_HOME/xray/var/data/server/certs/
    Modify /opt/jfrog/xray/var/etc/system.yaml (under the shared folder) in the following way. Anchorsystem.yamlsystem.yaml Code Blockshared: rabbitMq: url: amqps://9fac35$aes256$xt92Y4pRTJ5WVXOZNVv0shared: rabbitMq:

    etc/system.yaml (under the shared folder) according to your configuration. Do not overwrite existing lines in the file

    Anchor
    system.yaml
    system.yaml

    Code Block
    shared:
        rabbitMq:
            url: amqps://guest:<rabbitmq-password>@rabbitmq:5671
            autoStop: true
                ## By default RabbitMQ will always be running; "autoStop" will make sure that RabbitMQ stops along with the Xray service
                ## This is applicable only to non-Docker Compose installers
           url: amqps://9fac35$aes256$xt92Y4pRTJ5WVXOZNVv0_39M83TDfH08AfkopDCyveU9HeZFo7lT@rabbitmq:5671/ node:
        clientCaCertFilePath:         rabbitmqConf:
                    - name: ssl_options.cacertfile
                      value: /var/opt/jfrog/xray/data/serverrabbitmq/certs/ca-cert.pem
          clientCertFilePath: /opt/jfrog/xray/data/server/certs/client-cert.pem
        clientCertKeyFilePath:           - name: ssl_options.certfile
                      value: /var/opt/jfrog/xray/data/serverrabbitmq/certs/clientserver-keycert.pem
         ## By default RabbitMQ will always be running; "autoStop"  will make- sure that RabbitMQ stops along with the Xray service
    name: ssl_options.keyfile
               ## This is applicable only to non-Docker Compose installersvalue: /var/opt/jfrog/xray/data/rabbitmq/certs/server-key.pem
        autoStop: true
        node:
           - rabbitmqConf:name: ssl_options.verify
               - name: ssl_options.cacertfile
           value: verify_peer
        value: /opt/jfrog/xray/var/data/rabbitmq/certs/ca-cert.pem
               - name: ssl_options.certfile
    fail_if_no_peer_cert
                      value: /opt/jfrog/xray/var/data/rabbitmq/certs/server-cert.pem
    false
                    - name: ssl_options.keyfile
    management.listener.ssl
                      value: /opt/jfrog/xray/var/data/rabbitmq/certs/server-key.pem
    true
                    - name: listeners.ssl_options.verifydefault
               value: verify_peer
          value: 5671
        - name: ssl_options.fail_if_no_peer_certclientCaCertFilePath: "/var/opt/jfrog/xray/data/server/certs/ca-cert.pem"
               value: false
               - name: management.listener.sslclientCertFilePath: "/var/opt/jfrog/xray/data/server/certs/client-cert.pem"
               value: true
               - name: listeners.ssl.default
               value: 5671_39M83TDfH08AfkopDCyveU9HeZFo7lT@rabbitmq:5671/
        clientCaCertFilePath: /opt/jfrog/xray/data/clientCertKeyFilePath: "/var/opt/jfrog/xray/data/server/certs/caclient-cert.pem
        clientCertFilePath: /opt/jfrog/xray/data/server/certs/client-cert.pem
        clientCertKeyFilePath: /opt/jfrog/xray/data/server/certs/client-key.pem
        ## By default RabbitMQ will always be running; "autoStop" will make sure that RabbitMQ stops along with the Xray service
        ## This is applicable only to non-Docker Compose installers 
        autoStop: true
        node:
          rabbitmqConf:
            - name: ssl_options.cacertfile
            value: /opt/jfrog/xray/var/data/rabbitmq/certs/ca-cert.pem
            - name: ssl_options.certfile
            value: /opt/jfrog/xray/var/data/rabbitmq/certs/server-cert.pem
            - name: ssl_options.keyfile
            value: /opt/jfrog/xray/var/data/rabbitmq/certs/server-key.pem
            - name: ssl_options.verify
            value: verify_peer
            - name: ssl_options.fail_if_no_peer_cert
            value: false
            - name: management.listener.ssl
            value: true
            - name: listeners.ssl.default
            value: 5671
  7. Enable the TLS connection to RabbitMQ in Xray using the REST API.
  8. This step is applicable only for Docker Compose. 

    Code Block
    cd  <path to extracted compose directory>/jfrog-xray-<version>-compose/
    Code Block
    languagebash
    ## Export the TLS port in the docker-compose-rabbitmq.yaml (docker-compose.yaml for older versions of 3.x) and add under services -> rabbitmq -> ports.
    - 5671:5671
    Code Block
    # Restart RabbitMQ services
    docker-compose -p xray-rabbitmq -f docker-compose-rabbitmq.yaml down
    docker-compose -p xray-rabbitmq -f docker-compose-rabbitmq.yaml up -d
  9. Restart Xray services.

    Code Block
    languagebash
    titleDocker Compose
    docker-compose -p xray -f docker-compose.yaml down
    docker-compose -p xray -f docker-compose.yaml up -d
    Code Block
    languagebash
    titleRPM / DEB
    systemctl stop xray.service
    systemctl start xray.service
    
    ## For Centos 6 and RHEL 6
    # service xray stop
    # service xray start 
    Code Block
    languagebash
    titleLinux Archive
    /opt/jfrog/xray/bin/xray.sh stop
    /opt/jfrog/xray/bin/xray.sh start 
    Note
    titleManagement Console Address with TLS
    When TLS is enabled, the Management Console is located in https://<HOST>:15672
    key.pem"

    Replace <rabbitmq-password> with your own RabbitMQ password. If you use a different user in RabbitMQ, replace the guest user with your own user in the shared.rabbitMq.url value.


  10. Create a JSON file with the following content to enable the TLS connection to RabbitMQ in Xray using the REST API.

    Code Block
    languageyml
    {
    
        "sslInsecure": false,
    
        "maxDiskDataUsage": 80,
    
        "monitorSamplingInterval": 300,
    
        "mailNoSsl": false,
    
        "messageMaxTTL": 7,
    
        "jobInterval": 86400,
    
        "allowSendingAnalytics": true,
    
        "httpsPort": 443,
    
        "enableTlsConnectionToRabbitMQ": true,
    
        "httpClientMaxConnections": 50,
    
        "httpClientMaxIdleConnections": 20,
    
        "jsFilesBatch": 20
    
    }
  11. Run the REST API call using the JSON file you created in the previous step to enable the TLS connection to RabbitMQ in Xray using the REST API.

    Code Block
    languagebash
    curl -u<username>:<password> -d @<your_json_file>.json -H "Content-Type: application/json" -X PUT http://<artifactory_url>/xray/api/v1/configuration/systemParameters

    Replace <username> and <password> with an admin user and password credentials for Artifactory, the <your_json_file>.json with the name of the JSON file you created in the previous step and the <artifactory_url> with the actual Artifactory URL address.

    Run the following steps to enable the TLS connection to RabbitMQ in Xray if you use Docker Compose.

    Panel
    titleDocker Compose
    Code Block
    cd  <path to extracted compose directory>/jfrog-xray-<version>-compose/
    Code Block
    languagebash
    ## Export the TLS port in the docker-compose-rabbitmq.yaml (docker-compose.yaml for older versions of 3.x) and add under services -> rabbitmq -> ports.
    - 5671:5671
    Code Block
    # Restart RabbitMQ services
    docker-compose -p xray-rabbitmq -f docker-compose-rabbitmq.yaml down
    docker-compose -p xray-rabbitmq -f docker-compose-rabbitmq.yaml up -d
  12. Restart Xray services.

    Panel
    Code Block
    languagebash
    titleDocker Compose
    docker-compose -p xray -f docker-compose.yaml down
    docker-compose -p xray -f docker-compose.yaml up -d
    Code Block
    languagebash
    titleRPM / DEB
    systemctl stop xray.service
    systemctl start xray.service
    
    ## For Centos 6 and RHEL 6
    # service xray stop
    # service xray start 
    Code Block
    languagebash
    titleLinux Archive
    /opt/jfrog/xray/bin/xray.sh stop
    /opt/jfrog/xray/bin/xray.sh start 
  13. After Xray services are up and running, you can verify if RabbitMQ is accessible through https://<xray-ipaddress-or-hostname>:15672.

Troubleshooting RabbitMQ with TLS in Xray

If you encounter any errors or issues you might find the following troubleshooting tops helpful,

  • Ensure that you have the proper certificates and that their location is correct. The $JFROG_HOME variable refers to the directory in which Xray is installed. The default is /opt/jfrog
  • In some operating systems, the openssl.cnf file may be located in a different location than /etc/ssl/openssl.cnf. Use the find command to find it in your system.
    Code Block
    languagebash
    find / -name openssl.cnf
  • Check that all the certificates are owned by the user and group xray. If you are using a different user and group to run Xray, ensure this user is the owner of the files.
  • The YAML files must have proper indentation with the same amount of spaces across the entire file. Ensure the Xray system.yaml file is properly indented and that the syntax is correct. Also, check that the details are correct such as passwords, paths, and URLs are correct in the YAML file.
  • A successful REST API call requires an Artifactory admin user.
  • Check the logs to find additional information to help in further troubleshooting any issues. The logs directory is $JFROG_HOME/xray/var/log. The recommended logs to look at are the console.log, xray-server-service.log, and the RabbitMQ logs in the rabbitmq directory.

Trusting Self-Signed Certificates

When an Xray instance/node is configured to go through an SSL proxy that uses a self-signed certificate, you may encounter the following issue when performing tasks such as an online database sync:

Code Block
languagebash
2021-07-20T14:47:47.500Z [33m[jfxr ][0m [1m[31m[ERROR][0m [c080f44e606d159 ] [samplers:91                   ] [main                ] Failed to read response from jxrayUrl. Error: Get "https://jxray.jfrog.io/api/v1/system/ping": x509: certificate signed by unknown authority
  1. To overcome this issue, you will need to import the Proxy certificate into each Xray instance/pod by placing it under the following path within the Xray machine/container/pods:/etc/ssl/certs/.
  2. Next, you will need to restart Xray.
    The path shown above is the default directory used by Go applications (such as Xray) when importing SSL certificates.
Copyright © 2022 JFrog Ltd.