YouTrack Standalone 2020.2 Help

TLS Server Certificates and Keystores

To secure the connection to your YouTrack server with the built-in TLS, you must have a server certificate and private key, or a keystore.

For a production environment, we urge you to obtain an SSL certificate from a trusted Certificate Authority.

However, for testing and evaluation purposes, you can use a self-signed certificates. There are several tools that let you create SSL keys and certificates. This page describes a procedure for creating a self-signed server certificate with the OpenSSL toolkit.

Create a Self-signed Server Certificate

Create a self-signed server certificate with the OpenSSL

  1. Generate a new 2048 bit RSA key:

    openssl genrsa -out YouTrack_Server_TLS.pem 2048

  2. Generate a certificate request for the generated key:
    openssl req -new -key YouTrack_Server_TLS.pem -out YouTrack_Server_TLS_req.csr

    As the Common Name parameter, set the fully-qualified domain name (FQDN) of your server. The service will be available through the generated server certificate by the URL:

    https://<FQDN of your server>:<port>/
  3. To generate a certificate of the v3 version, you need to preliminary create a configuration file and provide it during the certificate generation. Create a text configuration file, let's name it v3.ext, with the following content:

    authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment

  4. Generate a certificate (of the version v3):

    openssl x509 -in YouTrack_Server_TLS_req.csr -out YouTrack_Server_TLS_cert.pem -req -signkey YouTrack_Server_TLS.pem -days 3650 -extfile v3.ext

Result: You have a self-signed server certificate YouTrack_Server_TLS_cert.pem and its private key that are ready for upload to YouTrack. Now, during installation or upgrade, on the Confirm Settings step of the web-based configuration wizard:

  1. Open the HTTPS > Private key and certificate settings.

  2. Upload the created YouTrack_Server_TLS.pem file as the private key.

  3. Upload the created YouTrack_Server_TLS_cert.pem as the certificate.

Last modified: 1 July 2020