Protect integrations with SSL

If you have registered Secure Socket Layer (SSL) certificates, your site's users can use SSL when they set up an SCM integration server.

1. Collect server certificates from all servers. On RHEL, CentOS and other RedHat-based distributions, these are contained in /etc/httpd/conf/ssl.crt/server.crt.
   Tip: Be sure to use exactly this path, as there are other files with similar names, plus server certificates are not really secret, but some other files are. So, files must be copied (e.g., via scp) to the same directory, and renamed if necessary to avoid clashes. We recommend that you use the short server name of the corresponding server for this.
2. Locate the Java keystore. This is PATH_TO_JAVA/jre/lib/security/cacerts. For example, this may be /usr/local/j2sdk1.4.2_10/jre/lib/security/cacerts.
3. Locate the Java keytool utility. This is PATH_TO_JAVA/bin/keytool For example, /usr/local/j2sdk1.4.2_10/bin/keytool.
4. Import each server certificate into the keystore.
   • PATH_TO_JAVA/bin/keytool -import -keystore PATH_TO_JAVA/jre/lib/security/cacerts -file <server>.crt -alias <server>
   Note: Any value is accepted for server in -alias <server>.
5. At the password prompt, use changeit. Confirm that you trust the certificate by typing yes.
6. Verify that all your certificates are added.
   • PATH_TO_JAVA/bin/keytool -list -keystore PATH_TO_JAVA/jre/lib/security/cacerts |less
   Note: The list will contain many more certificates. These are top-level CA certificates, provided with Java.
7. Update /etc/sourceforge.properties to enable secure communication.
   1. Set sfmain.integration.listener_ssl to true.
   2. Set sfmain.integration.listener_port to 443.
8. If you are running more than one separate server, repeat these steps for each server.
9. Restart TeamForge