To trust a new certificate, add the certificate to the $JFROG_HOME/<product>/var/etc/security/keys/trusted
directory of every service that needs to trust it.
Alternatively, you can also add the certificate to each application's KeyStore. For example, to add a certificate into the JFrog Artifactory KeyStore, you can add it directly to the host's JVM's trusted KeyStore.
For an HA setup, you need to add the certificate to every node's trusted directory or KeyStore. Certificates are not propagated between HA nodes automatically.
When an Xray instance/node is configured to go through an SSL proxy that uses a self-signed certificate, you may encounter the following issue when performing tasks such as an online database sync:
2021-07-20T14:47:47.500Z [jfxr ] [ERROR] [c080f44e606d159 ] [samplers:91 ] [main ] Failed to read response from jxrayUrl. Error: Get "https://jxray.jfrog.io/api/v1/system/ping": x509: certificate signed by unknown authority
/etc/ssl/certs/.
To download/acquire the certificate(s) of the SSL-secured server, use the following command:
openssl s_client -connect <secure authentication server IP and port> -showcerts < /dev/null > server.crt
openssl s_client -connect cdn.redhat.com:443 -showcerts < /dev/null > server.crt
openssl s_client -connect the.ldap.server.net:636 -showcerts < /dev/null > server.crt
openssl s_client -connect github.com:443 -showcerts < /dev/null > server.crt
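By default, openssl s_client completes the handshake and writes out whatever chain the server presented even when verification fails, so server.crt should be reviewed before anything from it is placed in a trusted directory. The script below is an added example, not JFrog code; the script name review-certs.sh and the function names are assumptions. It splits server.crt into one PEM file per certificate and prints the fields to compare against values obtained out of band.

```shell
#!/bin/sh
# Added example (not JFrog code): review the output of
# `openssl s_client -showcerts` before trusting any certificate in it.

# split_certs <s_client-output-file> <out-dir>
# Writes cert-1.pem, cert-2.pem, ... (one per PEM block, in the order the
# server sent them) and prints how many certificates were found.
split_certs() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; inside = 1 }
        inside { print > out }
        /-----END CERTIFICATE-----/ { inside = 0; close(out) }
        END { print n + 0 }
    ' "$1"
}

# describe_certs <dir>
# Prints subject, issuer, expiry and SHA-256 fingerprint of each split file.
describe_certs() {
    for f in "$1"/cert-*.pem; do
        [ -e "$f" ] || continue
        echo "== $f"
        openssl x509 -in "$f" -noout -subject -issuer -enddate -fingerprint -sha256
    done
}

# Usage: sh review-certs.sh server.crt
if [ "$#" -ge 1 ]; then
    outdir=$(mktemp -d)
    count=$(split_certs "$1" "$outdir")
    if [ "$count" -eq 0 ]; then
        # Typical when the connection failed and only error text was saved.
        echo "No certificates found in $1" >&2
        exit 1
    fi
    echo "$count certificate(s) found in $1, written to $outdir"
    describe_certs "$outdir"
    echo 'Compare each fingerprint with a value obtained out of band, then copy'
    echo 'only the verified file(s) to $JFROG_HOME/<product>/var/etc/security/keys/trusted'
fi
```

A self-signed proxy certificate shows the same subject and issuer; for a chain, the file to trust is normally the issuing CA rather than the leaf.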