YouTrack Standalone 2019.3 Help

SSL Keys

YouTrack lets you import SSL keystores into YouTrack. A keystore is a container for public and private key pairs and the certificates that they are associated with. The keystore identifies YouTrack as a client when it tries to connect to a third party.

You can also use a keystore to cache public keys (in the form of certificates) for a third party service. If you have a keystore that contains keys and certificates for an external service, you can upload them on this page. Otherwise, you can upload the certificate and public key on the SSL Certificates page.

To access SSL keys that have been imported into YouTrack, select SSL Keys in the Server Settings area of the Administration menu.

SSL keystore

The following controls are available on this page:

Control

Description

Import keystore

Click to import a keystore file from your local directory.

View keystore properties

Click the name of a key to view its properties. Here, you can also edit the name that is assigned to the imported key.

Delete

Click the Delete button to remove a key from YouTrack. Use this option to remove keystores that contain certificates that are expired or no longer in use.

Generate a Keystore File

There are several tools that let you create SSL keys and certificates in PKCS12 format. We describe how to create SSL key with the OpenSSL toolkit.

To create an SSL keystore with OpenSSL:

  1. Generate a new 2048 bit RSA key with password protection:

    openssl genrsa -des3 -out YouTrack_SAML.key 2048

  2. Generate a certificate request for the generated key:

    openssl req -new -key YouTrack_SAML.key -out YouTrack_SAML.csr

  3. Generate a certificate:

    openssl x509 -req -days 365 -in YouTrack_SAML.csr -signkey YouTrack_SAML.key -out YouTrack_SAML.crt

  4. Package the key and the certificate in a PKCS12 file:

    openssl pkcs12 -export -out YouTrack_SAML.p12 -inkey YouTrack_SAML.key -in YouTrack_SAML.crt -certfile YouTrack_SAML.crt
    • You have a PKCS12 key store (YouTrack_SAML.p12 in the example) that is ready for upload to YouTrack.

Import an SSL Keystore

Before you start, you need a keystore that contains the public and private key pair and the certificates that they are associated with. This file should either be in PKCS12 or JKS format. The private key must be protected with a password. You can generate the keystore using an application like the Java keytool.

To upload a new SSL Client Key:

  1. In the Server Settings section of the Administration menu, select SSL Keys.

  2. Click the Import keystore button.

  3. In the Import Keystore dialog, enter a name for the key.

  4. Click the Choose file button and select the keystore file from your local directory.

    import SSL keystore

  5. Enter the password for the keystore in the Store Password input field.

  6. Click the Import button.

    • The keystore is added to YouTrack.

Last modified: 16 March 2020