YouTrack Server 2024.2 Help

SSL Keys

YouTrack lets you import SSL keystores. A keystore is a container for public and private key pairs and the certificates that they are associated with. The keystore identifies YouTrack as a client when it tries to connect to a third party.

You can also use a keystore to cache public keys (in the form of certificates) for a third-party service. If you have a keystore that contains keys and certificates for an external service, you can upload it on this page. Otherwise, you can upload the certificate and public key on the SSL Certificates page.

To access SSL keys that have been imported into YouTrack, open the Administration menu and select Server Settings > SSL Keys.

The following controls are available on this page:



  • Import keystore: Click to import a keystore file from your local directory.

  • View keystore properties: Click the name of a key to view its properties. Here, you can also edit the name that is assigned to the imported key.

  • Delete: Click the Delete button to remove a key from YouTrack. Use this option to remove keystores that contain certificates that are expired or no longer in use.

Generate a Keystore File

There are several tools that let you create SSL keys and certificates in PKCS #12 format. We describe how to create an SSL key with the OpenSSL toolkit.

To create an SSL keystore with OpenSSL:

  1. Generate a new 2048-bit RSA key with password protection:

    openssl genrsa -des3 -out YouTrack_SAML.key 2048

  2. Generate a certificate request for the generated key:

    openssl req -new -key YouTrack_SAML.key -out YouTrack_SAML.csr

  3. Generate a certificate:

    openssl x509 -req -days 365 -in YouTrack_SAML.csr -signkey YouTrack_SAML.key -out YouTrack_SAML.crt

  4. Package the key and the certificate in a PKCS #12 file:

    openssl pkcs12 -export -out YouTrack_SAML.p12 -inkey YouTrack_SAML.key -in YouTrack_SAML.crt -certfile YouTrack_SAML.crt -name "YouTrack SAML"

    • You have a PKCS #12 keystore (YouTrack_SAML.p12 in the example) that is ready for upload to YouTrack.

    • If you upload the keystore to secure connections to your YouTrack server, you can use the friendly name YouTrack SAML to refer to this certificate and private key when you set the value for the Alias in the HTTPS configuration.

      To learn more, see Configure TLS in the Web-based Configuration Wizard.
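
Before uploading the file produced by the steps above, you can confirm that it opens with its password, carries the expected alias, holds a private key that matches the certificate, and is not about to expire. The script below is an added example, not part of the YouTrack documentation or JetBrains code; the function names, the KS_PASS variable and the return codes are choices made for this example.

```shell
#!/bin/sh
# Added example (not JetBrains code): pre-upload checks for a PKCS #12 keystore.
# The store password is read from the exported variable KS_PASS (a name chosen
# here) so that it never appears in the process list.
# Return codes are this example's own: 0 ok, 1 cannot open, 2 alias not found,
# 3 private key does not match certificate, 4 certificate expires too soon.
check_keystore() {   # usage: check_keystore FILE ALIAS [MIN_DAYS]
    p12=$1; want_alias=$2; min_days=${3:-30}

    # 1. The file parses and the password verifies its integrity MAC.
    openssl pkcs12 -in "$p12" -passin env:KS_PASS -noout 2>/dev/null || return 1

    # 2. Leaf certificate plus bag attributes; friendlyName is the alias.
    cert=$(openssl pkcs12 -in "$p12" -passin env:KS_PASS -nokeys -clcerts \
           2>/dev/null) || return 1
    printf '%s\n' "$cert" | sed 's/^ *//' |
        grep -qFx "friendlyName: $want_alias" || return 2

    # 3. The stored private key belongs to that certificate: both must yield
    #    the same public key. The decrypted key only travels through a pipe.
    cert_pub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey) || return 3
    key_pub=$(openssl pkcs12 -in "$p12" -passin env:KS_PASS -nocerts -nodes \
              2>/dev/null | openssl pkey -pubout 2>/dev/null) || return 3
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ] || return 3

    # 4. The certificate stays valid for at least MIN_DAYS more days.
    printf '%s\n' "$cert" |
        openssl x509 -noout -checkend $((min_days * 86400)) >/dev/null || return 4
}

# Constructed sample input: a throwaway self-signed keystore in directory $1,
# built non-interactively with the same alias as the procedure above.
make_sample_keystore() {
    openssl req -x509 -newkey rsa:2048 -days 365 -subj "/CN=youtrack.example.test" \
        -keyout "$1/sample.key" -passout env:KS_PASS -out "$1/sample.crt" \
        2>/dev/null &&
    openssl pkcs12 -export -out "$1/sample.p12" -name "YouTrack SAML" \
        -inkey "$1/sample.key" -in "$1/sample.crt" \
        -passin env:KS_PASS -passout env:KS_PASS
}
```

Export KS_PASS in the current shell, then run `check_keystore YouTrack_SAML.p12 "YouTrack SAML"` and inspect `$?`.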

Import an SSL Keystore

Before you start, you need a keystore that contains the public and private key pair and the certificates that they are associated with. This file should be in either PKCS #12 or JKS format. The private key must be protected with a password. You can generate the keystore using an application like the Java keytool.

To upload a new SSL Client Key:

  1. From the Administration menu, select Server Settings > SSL Keys.

  2. Click the Import keystore button.

  3. In the Import Keystore dialog, enter a name for the key.

  4. Click the Choose file button and select the keystore file from your local directory.

  5. Enter the password for the keystore in the Store Password input field.

  6. Click the Import button.

    • The keystore is added to YouTrack.

Last modified: 12 July 2024