Upsource 2019.1 Help

TLS Server Certificate

To secure the connection to your Upsource server with the built-in TLS, you must have a server certificate and private key, or a keystore.

For a production environment, we urge you to obtain an SSL certificate from a trusted Certificate Authority.

However, for testing and evaluation purposes, you can use a self-signed certificate. There are several tools that let you create SSL keys and certificates. This page describes a procedure for creating a self-signed server certificate with the OpenSSL toolkit.

Create a Self-signed Server Certificate

Create a self-signed server certificate with the OpenSSL

  1. Generate a new 2048 bit RSA key:

    openssl genrsa -out Upsource_Server_TLS.pem 2048

  2. Generate a certificate request for the generated key:

    openssl req -new -key Upsource_Server_TLS.pem -out Upsource_Server_TLS_req.csr

    As the Common Name parameter, set the fully-qualified domain name (FQDN) of your server — i.e. upsource.mydomain.com

    The service will be available at this URL through the generated server certificate.

  3. We recommend creating a certificate of version v3 to ensure compatibility with the most browsers. To generate such a certificate, you need to preliminary create a configuration file and provide it during the certificate generation. Create a text configuration file (let's name it v3.ext) with the following content:

    authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment

  4. Generate a certificate (of the version v3):

    openssl x509 -in Upsource_Server_TLS_req.csr -out Upsource_Server_TLS_cert.pem -req -signkey Upsource_Server_TLS.pem -days 3650 -extfile v3.ext

Result: You have a self-signed server certificate Upsource_Server_TLS_cert.pem and its private key Upsource_Server_TLS.pem.

Now, you can:

  • Use these files when switching your current Upsource instance to the HTTP mode.

  • Upload these files during installation or upgrade, on the Confirm Settings step of the Configuration Wizard:

    upsource_setup_secure.png
    1. Open the HTTPS > Private key and certificate settings by pressing the corresponding buttons.

    2. Upload the created Upsource_Server_TLS.pem file as the private key.

    3. Upload the created Upsource_Server_TLS_cert.pem as the certificate.

Last modified: 09 July 2020