
The authentication and encryption for HTTPS is controlled by an SSL certificate. When you are using an official HTTPS certificate for your Team Server, you need the following: 

  • a private key
  • a public key (= the signed SSL certificate)

Both keys are stored in a Java keystore that needs to be created. Once this keystore is created, the Team Server needs to be configured to use this keystore. 

To create a keystore, use an application for creating keystores and certificates. These instructions use Portecle, which you can download at http://portecle.sourceforge.net/.

Create a keystore

  1. Create a new empty keystore. Go to File > New Keystore, select a keystore type, for example PKCS#12, and click OK.



  2. Generate a new key pair, or import one if you already have a key pair available.

     Generate a new key pair
    1. Go to Tools > Generate key pair.

    2. Select the desired key size and click OK.

      It is recommended to set the key size to 4096, and not to use any key smaller than 2048 bits.



    3. In Generate Certificate, enter your Team Server domain name as the Common Name, and then click OK.



    4. In the Key Pair Entry Alias window, click OK.



    5. In Key Pair Entry Password, enter a password to protect the private key with, confirm the password, and then click OK.



    6. After successful creation of the key pair, click OK.
     Import a key pair
    1. Go to Tools > Import key pair.

    2. Select a keystore or PEM bundle file from which you want to import the key pair, and click Choose.



    3. Depending on the type of file you have chosen, you need to enter one or more passwords. Enter the password(s) and click OK.

    4. Select the required key pair, and then click OK.



    5. In the Key Pair Entry Alias window, click OK.

    6. After a successful import, click OK.

      If import is not successful, the key pair may be incomplete. To check if a key pair is incomplete:

      • Upon import, the key pair must have the  icon. If it has a different icon, the key pair is incomplete.



      • Open the keystore file containing the key pair and export the key pair. To do this, right-click the key pair file and select Export. Export type "Private Key and Certificates" must be available. If it is disabled, the key pair is incomplete.

  3. Go to File > Save Keystore, enter a new password, and then click OK.



  4. Enter a name for the keystore, select the location to store it, and then click Save.  



You have now successfully created a keystore with a key pair.

The next step is to create a Certificate Signing Request (CSR), which you need to submit to a Certificate Authority (CA). Continue in the keystore creation tool.

Create a Certificate Signing Request

  1. Right-click the newly created key pair, and select Generate Certification Request.



  2. Enter the key pair password and click OK.

  3. Select a location to store the Certificate Signing Request, and click Generate.



  4. After successfully generating the Certificate Signing Request, click OK.

  5. Send the Certificate Signing Request to your Certificate Authority. It can be a public or an internal CA.

    The CA will return the signed certificate. In addition to the signed certificate, you may receive 1 or more additional certificates: a root certificate, and/or an intermediate certificate.

    Continue in the keystore creation tool.

  6. Only if you have received more than one certificate file, perform this step. If you have received only one certificate file, skip it and continue with the next step.

    Go to Tools > Import trusted certificate, select the root certificate of the CA, and click Import.

    If you have also received an intermediate certificate, perform this step one more time to import the public certificate.

    Portecle may warn you that it cannot establish a trust path for the root certificate. Verify the information it shows you, and then accept the certificate as trusted.



  7. Right-click your Certificate Signing Request, select Import CA reply, select the received signed certificate (.cer), and click Import.



  8. Save the keystore.


You have now created a keystore with an SSL certificate that can be used for the Team Server.
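
Before the Team Server is configured to use the keystore, its contents can be checked from a shell. The script below is an added example, not part of the original instructions: it uses OpenSSL instead of Portecle and assumes a PKCS#12 keystore, and it confirms that the key pair is complete, that the key meets the 2048-bit minimum given above, and that the Common Name is the Team Server domain. The function names, the `KS_PASS` variable, the `teamserver` alias and the sample keystore helper are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original page: check a PKCS#12 keystore with OpenSSL.
# Assumes the keystore password is in $KS_PASS; env: keeps it off the command line.

# check_keystore FILE EXPECTED_CN [MIN_BITS]: returns 0 only if every check passes.
check_keystore() {
    ks=$1 want_cn=$2 min_bits=${3:-2048}
    cert=$(openssl pkcs12 -in "$ks" -passin env:KS_PASS -nokeys -clcerts) || true
    key=$(openssl pkcs12 -in "$ks" -passin env:KS_PASS -nocerts -nodes 2>/dev/null) || true
    # An incomplete key pair lacks the private key or its certificate.
    case $cert in *"BEGIN CERTIFICATE"*) ;; *) echo "FAIL: no readable certificate"; return 1 ;; esac
    case $key in *"PRIVATE KEY"*) ;; *) echo "FAIL: no private key"; return 1 ;; esac
    # The certificate must carry the public half of the stored private key.
    cert_pub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey)
    key_pub=$(printf '%s\n' "$key" | openssl pkey -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: certificate does not match the private key"; return 1
    fi
    # Key size as printed by OpenSSL, e.g. "Public-Key: (4096 bit)".
    bits=$(printf '%s\n' "$cert" | openssl x509 -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    if [ "${bits:-0}" -lt "$min_bits" ]; then
        echo "FAIL: key is ${bits:-?} bits, need at least $min_bits"; return 1
    fi
    # Common Name from the subject, which should be the Team Server domain name.
    cn=$(printf '%s\n' "$cert" | openssl x509 -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1)
    if [ "$cn" != "$want_cn" ]; then
        echo "FAIL: Common Name is '$cn', expected '$want_cn'"; return 1
    fi
    echo "OK: $bits-bit key pair for $cn"
}

# make_sample_keystore FILE CN BITS: constructed, self-signed test input only.
make_sample_keystore() {
    tmp=$(mktemp -d) || return 1
    openssl req -x509 -newkey "rsa:$3" -nodes -days 1 -subj "/CN=$2" \
        -keyout "$tmp/key.pem" -out "$tmp/cert.pem" 2>/dev/null &&
        openssl pkcs12 -export -inkey "$tmp/key.pem" -in "$tmp/cert.pem" \
            -name teamserver -passout env:KS_PASS -out "$1"
    rc=$?
    rm -rf "$tmp"
    return $rc
}
```

To use it, export `KS_PASS` and call `check_keystore` with the keystore path, the Team Server domain name and, optionally, a stricter minimum such as 4096. If OpenSSL 3 rejects the keystore because it was written with older PKCS#12 encryption, add the `-legacy` option to the two `openssl pkcs12` commands.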