TLS Server Certificate
To secure the connection to your Upsource server with the built-in TLS, you must have a server certificate and private key, or a keystore.
For a production environment, we urge you to obtain an SSL certificate from a trusted Certificate Authority.
However, for testing and evaluation purposes, you can use a self-signed certificate. There are several tools that let you create SSL keys and certificates. This page describes a procedure for creating a self-signed server certificate with the OpenSSL toolkit.
Create a Self-signed Server Certificate
Create a self-signed server certificate with OpenSSL
Generate a new 2048-bit RSA key:
openssl genrsa -out Upsource_Server_TLS.pem 2048
Generate a certificate request for the generated key:
openssl req -new -key Upsource_Server_TLS.pem -out Upsource_Server_TLS_req.csr
As the Common Name parameter, set the fully-qualified domain name (FQDN) of your server — i.e.
The service will be available at this URL through the generated server certificate.
We recommend creating a version 3 (v3) certificate to ensure compatibility with most browsers. To generate one, first create a configuration file and pass it to OpenSSL when you generate the certificate. Create a text configuration file (let's name it v3.ext) with the following content:
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
Generate a v3 certificate:
openssl x509 -in Upsource_Server_TLS_req.csr -out Upsource_Server_TLS_cert.pem -req -signkey Upsource_Server_TLS.pem -days 3650 -extfile v3.ext
Result: You have a self-signed server certificate Upsource_Server_TLS_cert.pem and its private key
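The following script is an added example, not part of the original Upsource documentation: it runs the three commands above non-interactively and then checks the result before upload, confirming that the private key matches the certificate, that the certificate is version 3 with CA:FALSE, that the Common Name is the expected FQDN, and that it has not expired. The function names make_pair and check_pair and the FQDN upsource.example.com are assumptions made for the example.

```shell
#!/bin/sh
# make_pair DIR FQDN: the page's three openssl steps, made non-interactive with -subj.
make_pair() (
    cd "$1" || exit 1
    umask 077   # new files, including the private key, are readable by the owner only
    printf '%s\n' 'authorityKeyIdentifier=keyid,issuer' 'basicConstraints=CA:FALSE' \
        'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' > v3.ext
    openssl genrsa -out Upsource_Server_TLS.pem 2048 2>/dev/null &&
    openssl req -new -key Upsource_Server_TLS.pem -subj "/CN=$2" \
        -out Upsource_Server_TLS_req.csr &&
    openssl x509 -in Upsource_Server_TLS_req.csr -out Upsource_Server_TLS_cert.pem \
        -req -signkey Upsource_Server_TLS.pem -days 3650 -extfile v3.ext 2>/dev/null
)

# check_pair KEY CERT FQDN: return 0 only if every check passes; print each failure.
check_pair() {
    key=$1; cert=$2; fqdn=$3; rc=0
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) || return 1
    # 1. The certificate must carry the public half of this private key.
    [ "$(openssl pkey -in "$key" -pubout 2>/dev/null)" = \
      "$(openssl x509 -in "$cert" -noout -pubkey)" ] ||
        { echo "FAIL: private key does not match certificate"; rc=1; }
    # 2. Version 3, with the basicConstraints value from v3.ext.
    printf '%s\n' "$text" | grep -q 'Version: 3' ||
        { echo "FAIL: not an X.509 v3 certificate"; rc=1; }
    printf '%s\n' "$text" | grep -q 'CA:FALSE' ||
        { echo "FAIL: basicConstraints CA:FALSE missing"; rc=1; }
    # 3. The Common Name is the FQDN the server will be reached at.
    openssl x509 -in "$cert" -noout -subject | grep -q "CN *= *$fqdn" ||
        { echo "FAIL: Common Name is not $fqdn"; rc=1; }
    # 4. The certificate has not expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate has expired"; rc=1; }
    return $rc
}

# Demo on throwaway files; upsource.example.com is a placeholder FQDN (assumption).
demo=$(mktemp -d) && make_pair "$demo" upsource.example.com &&
    check_pair "$demo/Upsource_Server_TLS.pem" "$demo/Upsource_Server_TLS_cert.pem" \
        upsource.example.com && echo "OK: key and certificate are consistent"
rm -rf "$demo"
```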
Now, you can:
Use these files when switching your current Upsource instance to the HTTPS mode.
Upload these files during installation or upgrade, on the Confirm Settings step of the Configuration Wizard:
Open the HTTPS > Private key and certificate settings by pressing the corresponding buttons.
Upload the created Upsource_Server_TLS.pem file as the private key.
Upload the created Upsource_Server_TLS_cert.pem as the certificate.