Update the Certificate for Your Hub Server
To exchange information with an external Hub service over a secure connection, YouTrack stores a copy of the SSL certificate for the Hub server in its internal keystore. If the SSL certificate for the Hub server is updated or renewed, YouTrack may no longer trust the connection to the Hub service.
If YouTrack can't establish a trusted connection to Hub, the YouTrack server fails to start. When you try to run YouTrack, you encounter a Server SSL certificate not trusted error. To resolve this issue, you need to import the updated Hub certificate into the internal keystore for YouTrack. This operation is performed by applying a command to the YouTrack server.
There are a few situations where you need to update a Hub certificate in YouTrack.
The SSL certificate for your Hub server has expired. You need to replace the expired certificate with a renewed certificate.
Hub URL changes because the Hub service is migrated to another server location.
You were previously connecting to the Hub service over plain HTTP and have just installed the certificate.
The last two cases also require that you update the URL for your external Hub service in YouTrack. For specific instructions, see Update the URL for your Hub Server.
This procedure requires that you have a copy of your Hub certificate in PEM format. The command described here only imports the certificate. The private key is not required.
To update the SSL certificate for an external Hub server in a Docker container:
Stop YouTrack:
docker exec <containerId> stopEnter the following command:
docker run --rm -it \ -v <path to conf directory>:/opt/youtrack/conf \ jetbrains/youtrack:<version> \ configure --trust-external-hub=trueStart YouTrack:
docker start <containerId>
To update the SSL certificate for an external Hub server in a ZIP installation:
Open a command-line interface and enter the following command to stop the YouTrack service:
youtrack.sh stopEnter the
configure
command. For example:<youtrack_home>bin/youtrack.sh configure --trust-external-hub=trueUse the following command to restart the YouTrack service:
youtrack.sh start