Hub 2022.1 Help

SSL Keys

Hub supports uploading SSL keystores and trusted certificates. A client key is used to identify Hub as a client when connecting to a third-party server, whereas adding a server certificate as trusted means that you trust the server that possesses a respective key.

SSL keystores

The uploaded SSL client keys and trusted certificates can be used to configure secure connection with supported authorization services.


  • The keystore must be in PKCS12 or JKS format.

  • The keystore must be password protected.

  • The keystore must contain a single entry.

Managing SSL Keystores

To view and manage SSL keys, open the Administration > SSL Keys page in Hub.

To upload a new SSL client key:

  1. On the SSL Keys page, click the Import keystore button.

    • The Import Keystore dialog opens.

    Import SSL keystore
  2. Enter a name for the new keystore and select the target keystore file on your local machine.

  3. Enter your password for the keystore. Keystores without password protection are not supported.

  4. Click Import to upload the keystore to Hub.

When the import is finished, the page with the keystore properties is displayed.

To quickly view the properties of an SSL key:

  1. Select the key in the list.

  2. Click the Details button to view properties of the selected SSL key in the sidebar.

To edit the name of an SSL key:

  1. Click the name of the key in the list to open its properties page.

  2. Edit the name and click Save button.

To remove an SSL key from Hub:

  1. Select a keystore in the list.

  2. Click the Delete keystore button in the toolbar.

Generate a Keystore File

There are several tools that let you create SSL keys and certificates in PKCS12 format. We describe how to create SSL key with the OpenSSL toolkit.

To create an SSL keystore with OpenSSL:

  1. Generate a new 2048 bit RSA key with password protection:

    openssl genrsa -des3 -out YouTrack_SAML.key 2048
  2. Generate a certificate request for the generated key:

    openssl req -new -key YouTrack_SAML.key -out YouTrack_SAML.csr
  3. Generate a certificate:

    openssl x509 -req -days 365 -in YouTrack_SAML.csr -signkey YouTrack_SAML.key -out YouTrack_SAML.crt
  4. Package the key and the certificate in a PKCS12 file:

    openssl pkcs12 -export -out YouTrack_SAML.p12 -inkey YouTrack_SAML.key -in YouTrack_SAML.crt -certfile YouTrack_SAML.crt
    • You have a PKCS12 key store (YouTrack_SAML.p12 in the example) that is ready for upload to YouTrack.

Last modified: 02 May 2022