YouTrack Server 2023.3 Help

SSL Certificates

YouTrack lets you import a trusted SSL certificate from an external service. These certificates identify the external service as a trusted source and let you establish a secure connection between YouTrack and the third-party server.

You can also import a keystore to YouTrack. The keystore identifies YouTrack as a client when it tries to connect to a third party. Keystores are managed on a separate page in YouTrack. For more information, see SSL Keys.

When you integrate other applications with your YouTrack server over SSL, you need to import the SSL certificates that verify the identity of the connected service. Trusted SSL certificates are commonly used for the following features:

  • When you enable SMTP notifications or set up a mailbox integration using a secure mail server, you may need to import the certificate for your mail server. When a certificate is signed by a well-known authority, the public key and certificate are already stored in the web browser. If the certificate for your mail server is self-signed, you need to import the certificate and public key to establish a secure connection.

  • If you connect to a self-hosted VCS server, you need to import the certificate for the private VCS server.

  • If you enable a GitHub auth module or an LDAP auth module over SSL, you need to import the certificate for your authentication server.

To access trusted certificates that have been imported to your YouTrack server, open the Administration menu and select Server Settings > SSL Certificates.

trusted SSL certificates

The following controls are available on this page:

Control

Description

Import Trusted Certificate

Click to import a certificate from your local directory.

View Certificate Properties

Click the name of a certificate to view its properties. Here, you can also edit the name that is assigned to the certificate.

Delete

Click the delete icon to remove a certificate from YouTrack. Use this option to remove certificates that are expired or no longer in use.

Self-signed Certificates

YouTrack lets you import and trust self-signed certificates. In general, you should use a self-signed certificate only for testing or on an internal corporate network where all the traffic between services is protected by a firewall and reverse proxy server.

Untrusted Certificates

When YouTrack tries to establish a connection with a third-party server for which it does not have a certificate, the connection is not established. This situation occurs when a new certificate has been issued for the service that has not been imported to YouTrack. YouTrack stores this certificate in an untrusted state. If you recognize the certificate source and want to re-establish the connection, you can change the status of the certificate to trusted.

Import a Trusted SSL Certificate

When you want to establish a secure connection between YouTrack and a third-party service, you need to import the SSL certificate that contains the public key of the third party. You can generate the key and certificate pair using an application like the Java keytool or PuTTY. If the application is accessible from a web browser, you can view and copy the certificate from your browser window.

YouTrack accepts binary DER encoded certificates. These files use the .der, .cer, and .crt extensions.

To import a trusted SSL certificate:

  1. From the Administration menu, select Server Settings > SSL Certificates.

  2. Click the Import trusted certificate button.

  3. In the Import Trusted Certificate dialog, enter a name for the certificate.

  4. Click the Choose file button and select the certificate file from your local directory.

    import trusted SSL certificate
  5. Click the Import button.

    • The certificate is added to YouTrack.

Last modified: 22 March 2024