Set up SSL for your TeamForge site

To force all TeamForge traffic to use SSL encryption (HTTPS), state that preference in your configuration file.

1. Back up your existing httpd.conf file (SUSE: /etc/apache2/httpd.conf | RHEL/CentOS: /etc/httpd/conf/httpd.conf).
2. Open the site-options.conf file. This is the master configuration file that controls your TeamForge site.
   • vi /opt/collabnet/teamforge-installer/8.0.0.1/conf/site-options.conf
   Note: vi is an example. Any *nix text editor will work.
3. Set the options to enable SSL for the site.
   1. Set the SSL variable to on.
   2. Set the SSL_CERT_FILE variable to the location of the file that contains your site's SSL certificates.
      • SSL_CERT_FILE=www.example.com.crt
   3. Set the SSL_KEY_FILE variable to the location of the file that contains your site's RSA private keys.
      • SSL_KEY_FILE=www.example.com.key
      Important: Select a location for your cert file and your key file that is permanent across restarts. Don't use a temp directory that can be wiped out.
4. In the site-options.conf file, make sure the value of the DOMAIN_localhost variable matches that of your SSL certificate.
5. Rename the ssl.conf file (SUSE: /etc/apache2/conf.d/ssl.conf | RHEL/CentOS: /etc/httpd/conf.d/ssl.conf) as ssl.conf.old (SUSE: /etc/apache2/conf.d/ssl.conf.old | RHEL/CentOS: /etc/httpd/conf.d/ssl.conf.old), if it exists.
6. If you are converting an existing site to use SSL (that is, if your site already has had users accessing it via HTTP and not HTTPS), you must update your site's publishing repository to use the new SSL settings.

   To do this, ask your CollabNet support representative for the fix-publishing-repos-to-ssl.py script.

7. Stop all TeamForge services.
   • /etc/init.d/collabnet stop all
8. Run the installer.
   • cd /opt/collabnet/teamforge-installer/8.0.0.1
   • ./install.sh -r -I -V
9. Start TeamForge
   • /etc/init.d/collabnet start all