Download/acquire the certificate(s) of the SSL secured server openssl s_client -connect <secure authentication server IP and port> -showcerts < /dev/null > server.ca.
Info title Examples
RED HAT CDN
LDAP or Active Directory:
openssl s_client -connect the.ldap.server.net:636 -showcerts < /dev/null > server.ca
- Identify the CA certificate and keep only the ascii-text between BEGIN/END CERTIFICATE makerIdentify the standard
cacertsfile of your Java installation
- Create a custom
cacertsfile by copying the
cacertsfile to the Artifactory configuration dir, e.g.
. This may vary depending on the installation and its usually under JAVA_HOME/jre/lib/security.
Example : cp /usr/lib64/jvm/java-1_6_0-ibm-1.6.0/jre/lib/security/cacerts /etc/opt/jfrog/artifactory/
- Import the CA certificate into the customized cacerts file. Note you can store the cacerts in any location as long as you can access it and link it to the JVM on startup.
keytool -import -alias myca -keystore /etc/opt/jfrog/artifactory/cacerts -trustcacerts -file server.ca
=> Password: changeit
=> Agree to add the certificate
- Change permissions for the
chmod 755 /etc/opt/jfrog/artifactory/cacerts
chown artifactory:users /etc/opt/jfrog/artifactory/cacerts
- Modify the defaults of the Artifactory JVM to use the custom
cacertsfile OR you could change the startup script to include the cacerts in the JAVA_OPTIONS.
echo "export JAVA_OPTIONS=\"\$JAVA_OPTIONS -Djavax.net.ssl.trustStore=/etc/opt/jfrog/artifactory/cacerts\"" >> /etc/opt/jfrog/artifactory/default
- Restart Artifactory