Protect integrations with SSL

If you have registered Secure Sockets Layer (SSL) certificates, your site's users can use SSL when they set up an SCM integration server.

If you use certificates that are generated in-house, self-signed, or signed by a non-established Certificate Authority, they must be registered with each client system that will connect to the CollabNet TeamForge server. Registration consists of importing custom certificates into the Java runtime's global keystore on each server.
Important: This will affect any other Java applications on the server that use the same Java runtime.
  1. Collect server certificates from all servers. On RHEL, CentOS and other Red Hat-based distributions, these are contained in /etc/httpd/conf/ssl.crt/server.crt.
    Tip: Be sure to use exactly this path. Other files have similar names, and while server certificates are not really secret, some of those other files are. Copy the certificate files (e.g., via scp) into the same directory, renaming them if necessary to avoid clashes. We recommend that you use the short server name of the corresponding server for this.
  2. Locate the Java keystore. This is PATH_TO_JAVA/jre/lib/security/cacerts. For example, this may be /usr/local/j2sdk1.4.2_10/jre/lib/security/cacerts.
  3. Locate the Java keytool utility. This is PATH_TO_JAVA/bin/keytool. For example, /usr/local/j2sdk1.4.2_10/bin/keytool.
  4. Import each server certificate into the keystore.
    • PATH_TO_JAVA/bin/keytool -import -keystore PATH_TO_JAVA/jre/lib/security/cacerts -file <server>.crt -alias <server>
    Note: Any value is accepted for server in -alias <server>.
  5. At the password prompt, use changeit. Confirm that you trust the certificate by typing yes.
  6. Verify that all your certificates are added.
    • PATH_TO_JAVA/bin/keytool -list -keystore PATH_TO_JAVA/jre/lib/security/cacerts |less
    Note: The list will contain many more certificates. These are top-level CA certificates, provided with Java.
  7. Update /etc/sourceforge.properties to enable secure communication.
    1. Set sfmain.integration.listener_ssl to true.
    2. Set sfmain.integration.listener_port to 443.
  8. If you are running more than one separate server, repeat these steps for each server.
  9. Restart TeamForge.
Now you can check the Use SSL checkbox when creating an SCM integration.
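
The import and verification steps above can be scripted when there are several servers. The following is an added example, not part of the TeamForge documentation: the function names and the script name are hypothetical, and it assumes the collected certificates are named <server>.crt and that /etc/sourceforge.properties holds plain key=value lines.

```shell
#!/bin/sh
# Added example: batch form of steps 4-7. PATH_TO_JAVA follows the page's
# placeholder; the default below is the page's example path.
PATH_TO_JAVA="${PATH_TO_JAVA:-/usr/local/j2sdk1.4.2_10}"
KEYTOOL="$PATH_TO_JAVA/bin/keytool"
KEYSTORE="$PATH_TO_JAVA/jre/lib/security/cacerts"
STOREPASS="${STOREPASS:-changeit}"

# Alias = certificate file name without .crt (the short server name).
alias_for() {
    basename "$1" .crt
}

# Import every <server>.crt in a directory, skipping aliases already present.
import_certs() {
    for crt in "$1"/*.crt; do
        [ -f "$crt" ] || continue
        name=$(alias_for "$crt")
        if "$KEYTOOL" -list -keystore "$KEYSTORE" -storepass "$STOREPASS" \
                -alias "$name" >/dev/null 2>&1; then
            echo "skip: alias '$name' is already in the keystore"
            continue
        fi
        # Show subject and fingerprints so they can be compared with the
        # source server before answering "yes" at keytool's trust prompt.
        "$KEYTOOL" -printcert -file "$crt"
        "$KEYTOOL" -import -keystore "$KEYSTORE" -storepass "$STOREPASS" \
            -file "$crt" -alias "$name" || return 1
    done
}

# Succeed only if both listener settings from step 7 are present.
# Assumption: the file holds plain key=value lines.
check_properties() {
    grep -Eq '^[[:space:]]*sfmain\.integration\.listener_ssl[[:space:]]*=[[:space:]]*true[[:space:]]*$' "$1" &&
    grep -Eq '^[[:space:]]*sfmain\.integration\.listener_port[[:space:]]*=[[:space:]]*443[[:space:]]*$' "$1"
}

# Usage: sh import-certs.sh <cert-dir> [properties-file]
if [ "$#" -ge 1 ]; then
    import_certs "$1" || exit 1
    check_properties "${2:-/etc/sourceforge.properties}" ||
        echo "warning: listener_ssl/listener_port not set as in step 7" >&2
fi
```

The script leaves keytool's trust prompt interactive, so each certificate is still confirmed by hand after its fingerprint is displayed.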