Need help with other JFrog products?
For several security features that you want to use over a secure connection (such as LDAPS, Secure Active Directory, or Secure OAuth), you may configure Artifactory to allow a non-trusted self-signed certificate
Configuring a Self-Signed Certificate
For outbound Artifactory connections (remote repositories, external authentication servers...) intended for SSL self-signed/internal CA signed certificates URL endpoints, you may use use one of the following ways to establish trusts based on your certificates:
- Use the instructions described on Oracle's documentation to import a single/chain of certificates to your JVM's keystore.
- Point Artifactory to use a custom certificate store. Follow the steps below (thanks to Marc Schoechlin for providing this information):
Download/acquire the certificate(s) of the SSL secured server openssl s_client -connect <secure authentication server IP and port> -showcerts < /dev/null > server.ca
- Identify the CA certificate and keep only the ascii-text between BEGIN/END CERTIFICATE maker
- Identify the standard
cacertsfile of your Java installation
- Create a custom
cacertsfile by copying the
cacertsfile to the Artifactory configuration dir, e.g.
cp /usr/lib64/jvm/java-1_6_0-ibm-1.6.0/jre/lib/security/cacerts /etc/opt/jfrog/artifactory/
- Import the CA certificate into the customized cacerts file
keytool -import -alias myca -keystore /etc/opt/jfrog/artifactory/cacerts -trustcacerts -file server.ca
=> Password: changeit
=> Agree to add the certificate
- Change permissions for the
chmod 755 /etc/opt/jfrog/artifactory/cacerts
chown artifactory:users /etc/opt/jfrog/artifactory/cacerts
- Modify the defaults of the Artifactory JVM to use the custom
echo "export JAVA_OPTIONS=\"\$JAVA_OPTIONS -Djavax.net.ssl.trustStore=/etc/opt/jfrog/artifactory/cacerts\"" >> /etc/opt/jfrog/artifactory/default
- Restart Artifactory