Using Artifactory 5.x ?
JFrog Artifactory 5.x User Guide
Have a question? Want to report an issue?Contact JFrog support
Overview
For several security features that you want to use over a secure connection (such as LDAPS, Secure Active Directory, or Secure OAuth), you may configure Artifactory to allow a non-trusted self-signed certificate
Configuring a Self-Signed Certificate
我f you want to use a non-trusted (self-signed) certificate, please follow the steps below (thanks to Marc Schoechlin for providing this information):
Download the CA of the ssl secured server
openssl s_client -connect
-showcerts < /dev/null >server.ca Examples
LDAP or Active Directory:
openssl s_client -connectthe.ldap.server.net:636-showcerts < /dev/null >server.ca
OAuth (Use the Authorization URL). For example, with GitHub:
openssl s_client -connectgithub.com:443/login/oauth/authorize-showcerts < /dev/null >server.ca- 我dentify the CA certificate and keep only the ascii-text between BEGIN/END CERTIFICATE maker
- 我dentify the standard
除
file of your Java installation - Create a custom
除
file by copying the除
file to the Artifactory configuration dir, e.g.cp /usr/lib64/jvm/java-1_6_0-ibm-1.6.0/jre/lib/security/cacerts /etc/opt/jfrog/artifactory/
- 我mport the CA certificate into thecustomized除file
keytool -import -alias myca -keystore /etc/opt/jfrog/artifactory/cacerts -trustcacerts -fileserver.ca
=> Password: changeit
=> Agree to add the certificate
- Change permissions for the
artifactory
userchmod 755 /etc/opt/jfrog/artifactory/cacerts
chown artifactory:users /etc/opt/jfrog/artifactory/cacerts
- Modify the defaults of the Artifactory JVM to use the custom
除
fileecho "export JAVA_OPTIONS=\"\$JAVA_OPTIONS -Djavax.net.ssl.trustStore=/etc/opt/jfrog/artifactory/cacerts\"" >> /etc/opt/jfrog/artifactory/default
- 重启Artifactory