Have a question? Want to report an issue? Contact JFrog support

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Download/acquire the certificate(s) of the SSL secured server openssl s_client -connect <secure authentication server IP and port> -showcerts < /dev/null > server.ca.

    Info
    titleExamples

    RED HAT CDN

    openssl s_client -connect cdn.redhat.com:443  -showcerts < /dev/null > server.ca

    LDAP or Active Directory:
    openssl s_client -connect the.ldap.server.net:636 -showcerts < /dev/null > server.ca


    OAuth (Use the Authorization URL). For example, with GitHub:
    openssl s_client -connect github.com:443/login/oauth/authorize -showcerts < /dev/null > server.ca 

  2. Identify the CA certificate and keep only the ascii-text between BEGIN/END CERTIFICATE makerIdentify the standard cacerts file of your Java installation
  3. Create a custom cacerts file by copying the cacerts file to the Artifactory configuration dir, e.g.
    . This may vary depending on the installation and its usually under JAVA_HOME/jre/lib/security.
    Example : cp /usr/lib64/jvm/java-1_6_0-ibm-1.6.0/jre/lib/security/cacerts /etc/opt/jfrog/artifactory/
  4. Import the CA certificate into the customized cacerts file. Note you can store the cacerts in any location as long as you can access it and link it to the JVM on startup.
    keytool -import -alias myca -keystore /etc/opt/jfrog/artifactory/cacerts -trustcacerts -file server.ca
    => Password: changeit
    => Agree to add the certificate
  5. Change permissions for the artifactory user
    chmod 755 /etc/opt/jfrog/artifactory/cacerts
    chown artifactory:users /etc/opt/jfrog/artifactory/cacerts
  6. Modify the defaults of the Artifactory JVM to use the custom cacerts file OR  you could change the startup script to include the cacerts in the JAVA_OPTIONS.
    echo "export JAVA_OPTIONS=\"\$JAVA_OPTIONS -Djavax.net.ssl.trustStore=/etc/opt/jfrog/artifactory/cacerts\"" >> /etc/opt/jfrog/artifactory/default
  7. Restart Artifactory

...