When your on-premises hosting service (GitHub Enterprise, GitLab Enterprise, Bitbucket Server or Azure DevOps Server) uses an SSL connection, its certificate may not be trusted by the Collaborator server. In this case you need to import that certificate as trusted.
To establish trust, import the public key of your on-premises server as a trusted certificate into the Collaborator keystore file. Perform the following actions on the machine where the Collaborator server is installed:
- Get the certificate file from your on-premises hosting server or network administrator.
- Locate the keystore file that you generated while configuring the Collaborator HTTPS connection.
  The default location is <Collaborator Server>/tomcat/conf/collab.ks, but a different location may have been chosen when the keystore was generated.
- Use Java's keytool utility to import the server's certificate into the Collaborator keystore file. You can find the keytool utility in the $JAVA_HOME/bin directory:
    $JAVA_HOME/bin/keytool -importcert -alias repo-hosting -keystore <collab-keystore-path> -trustcacerts -file <certificate-path>
  For more information on the command-line arguments of the keytool utility, see the keytool documentation.
- Most likely you will be prompted to confirm the validity of the certificate. It is imperative for the security of the overall system that you verify the key matches the trusted material. Before accepting the certificate, contact the administrator who sent you the certificate and verify that the certificate fingerprints you see match the fingerprints of the certificate they intended to send you.
- The final step is to configure Collaborator to use the keystore. Open the <Collaborator Server>/ccollab-server.vmoptions file in a text editor, and add the following lines to it:
    -Djavax.net.ssl.trustStore=<collab-keystore-path>
    -Djavax.net.ssl.trustStorePassword=<collab-keystore-password>
- Restart the Collaborator server.
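
The fingerprint check described in the import step can be scripted so that the keytool command only runs when the check passes. This is an added example, not part of the Collaborator documentation: the function names are hypothetical, and it assumes the administrator gave you a SHA-256 fingerprint over a separate channel and that sha256sum and base64 from GNU coreutils are available.

```shell
#!/bin/sh
# Added example: gate the keytool import on a SHA-256 fingerprint check.
# Function names are hypothetical; assumes sha256sum and base64 from coreutils.

# Print the lowercase hex SHA-256 of the certificate's DER bytes.
# Accepts a PEM file (first certificate only) or a raw DER file.
cert_sha256() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        # Cut out the first PEM block, drop its marker lines, decode to DER.
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" \
            | sed '/-----END CERTIFICATE-----/q' \
            | grep -v -e '-----' | tr -d ' \r\n' | base64 -d \
            | sha256sum | cut -d' ' -f1
    else
        sha256sum < "$1" | cut -d' ' -f1
    fi
}

# Strip colons and whitespace, lowercase: "AB:CD:..." becomes "abcd...".
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'A-F' 'a-f'
}

# Succeed only if <certificate-path> hashes to <expected-fingerprint>.
# Returns 2 when the expected value is not a full 64-digit SHA-256.
fingerprint_matches() {
    expected=$(normalize_fp "$2")
    case "$expected" in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    [ "$(cert_sha256 "$1")" = "$expected" ]
}

# Usage: import_if_verified <certificate-path> <expected-fingerprint> <collab-keystore-path>
import_if_verified() {
    if fingerprint_matches "$1" "$2"; then
        "$JAVA_HOME/bin/keytool" -importcert -alias repo-hosting \
            -keystore "$3" -trustcacerts -file "$1"
    else
        echo "fingerprint check failed for $1: certificate not imported" >&2
        return 1
    fi
}
```

The expected fingerprint may be pasted in keytool's colon-separated uppercase form or as plain hex; both are normalized before comparison.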