The instructions on this page describe how to upload SSL certificates for third-party sites that are connected to your YouTrack installation. These certificates support integrations with version control systems, authentication providers, and other external services.
If you're looking to upload and install an SSL/TLS certificate that provides secure HTTPS access to your YouTrack server, this operation is only supported during installation and upgrade, or using CLI tools on your host server. For specific instructions, see Secure the Connections to Your YouTrack Server.
YouTrack lets you import a trusted SSL certificate from an external service. These certificates identify the external service as a trusted source and let you establish a secure connection between YouTrack and the third-party server.
You can also import a keystore to YouTrack. The keystore identifies YouTrack as a client when it tries to connect to a third party. Keystores are managed on a separate page in YouTrack. For more information, see SSL Keys.
note
External Hub
When YouTrack Server uses an external Hub service, you manage trusted SSL certificates and SSL keystores in Hub, not YouTrack. The SSL Certificates and SSL Keystores options in the Administration menu redirect you to pages in Hub. For information that is specific to an external Hub service, refer to the Hub documentation.
A YouTrack installation that is connected to an external Hub service also needs a valid copy of the SSL certificate for the Hub server. However, you can't manage the certificate for your Hub server on the SSL Certificates page in YouTrack. That's because the YouTrack service won't start unless it can establish a trusted connection to Hub. If you update or renew the certificate for your Hub server, you need to import it into the keystore for YouTrack manually. For instructions, see Update the Certificate for Your Hub Server.
When you integrate other applications with your YouTrack server over SSL, you need to import the SSL certificates that verify the identity of the connected service. Trusted SSL certificates are commonly used for the following features:
When you enable SMTP notifications or set up a mailbox integration using a secure mail server, you may need to import the certificate for your mail server. When a certificate is signed by a well-known authority, the public key and certificate are already stored in the web browser. If the certificate for your mail server is self-signed, you need to import the certificate and public key to establish a secure connection.
If you connect to a self-hosted VCS server, you need to import the certificate for the private VCS server.
To access trusted certificates that have been imported to your YouTrack server, open the Administration menu and select Server Settings > SSL Certificates.
The following controls are available on this page:
Control
Description
Import Trusted Certificate
Click to import a certificate from your local directory.
View Certificate Properties
Click the name of a certificate to view its properties. Here, you can also edit the name that is assigned to the certificate.
Delete
Click the delete button to remove a certificate from YouTrack. Use this option to remove certificates that are expired or no longer in use.
Self-signed Certificates
YouTrack lets you import and trust self-signed certificates. In general, you should use a self-signed certificate only for testing or on an internal corporate network where all the traffic between services is protected by a firewall and reverse proxy server.
Untrusted Certificates
When YouTrack tries to establish a connection with a third-party server for which it does not have a certificate, the connection is not established. This situation occurs when a new certificate has been issued for the service that has not been imported to YouTrack. YouTrack stores this certificate in an untrusted state. If you recognize the certificate source and want to re-establish the connection, you can change the status of the certificate to trusted.
Import a Trusted SSL Certificate
When you want to establish a secure connection between YouTrack and a third-party service, you need to import the SSL certificate that contains the public key of the third party. You can generate the key and certificate pair using an application like the Java keytool or PuTTY. If the application is accessible from a web browser, you can view and copy the certificate from your browser window.
YouTrack accepts binary DER encoded certificates. These files use the .der, .cer, and .crt extensions.
tip
Requires permissions: Low-level Admin Write
To import a trusted SSL certificate:
From the Administration menu, select Server Settings > SSL Certificates.
Click the Import trusted certificate button.
In the Import Trusted Certificate dialog, enter a name for the certificate.
Click the Choose file button and select the certificate file from your local directory.