Upsource 2020.1 Help

Importing a Hub certificate to Upsource

If your Hub instance is available through HTTPS via a self-signed certificate or a certificate signed by a private CA, you won't be able to connect to Hub because such certificates are not trusted.

Follow this instruction to import a Hub certificate to Upsource and configure the Upsource services running in the cluster to accept it.

Prepare keystore.jks containing Hub certificate

  1. Download your host's certificate from the browser (the instruction is for Google Chrome):

    • Open the Hub home page (for instance

    • Click the lock icon in the address bar to display information about the host.

    • Go to the Connections tab and click Certificate information. A dialog with information about the host's certificate will be displayed.

    • Go to the Details tab and click the Export... button at the bottom.

    • Save the certificate in the "Base64-encoded ASCII, single certificate" format (let's call it

  2. Create a new keystore and import the certificate into it. Give it a new password (it must be at least 6 characters) and confirm that you trust the certificate.

    keytool -import -trustcacerts -file -alias -keystore keystore.jks Enter keystore password: <keystore password> Re-enter new password: <keystore password> ... <Certificate info shown here> ... Trust this certificate? [no]: yes Certificate was added to keystore

Go through the following steps for each swarm node

  1. Copy the file keystore.jks to every swarm node (let's assume the file is stored on a target node at: /opt/hub/cert/keystore.jks)

  2. Run the following command: chown -R 13001:13001 /opt/hub/cert

Set volumes for all the services (except haproxy):

The following volumes are predefined in the docker-compose.yml file. You just need to uncomment them, so that the resulting text would look like this:

analyzer: volumes: - /opt/hub/cert:/opt/upsource-analyzer/conf/cert ... frontend: volumes: - /opt/hub/cert:/opt/upsource-frontend/conf/cert ... psi-broker: volumes: - /opt/hub/cert:/opt/upsource-psi-broker/conf/cert ... opscenter: volumes: - /opt/hub/cert:/opt/upsource-opscenter/conf/cert ... file-clustering: volumes: - /opt/hub/cert:/opt/upsource-file-clustering/conf/cert

The following volume is predefined in the docker-compose-cluster-init.yml file:

cluster-init: volumes: - /opt/hub/cert:/opt/upsource-cluster-init/conf/cert ...

An uncommented volume defines the directory on a swarm node the actual keystore.jks file will be stored in. If you'd like to store it in a swarm node directory other than the default one (/opt/hub/cert), you will have to replace the default value /opt/hub/cert in the uncommented volume definition with the actual directory containing keystore.jks.

Set parameters

Set parameters HUB_KEYSTORE_PATH and HUB_KEYSTORE_PASSWORD in upsource.env:


HUB_KEYSTORE_PASSWORD=<master password from provided keystore should be set here>

Last modified: 02 April 2021