YouTrack lets you import SSL keystores. A keystore is a container for public and private key pairs and the certificates that they are associated with. The keystore identifies YouTrack as a client when it tries to connect to a third party.
You can also use a keystore to cache public keys (in the form of certificates) for a third party service. If you have a keystore that contains keys and certificates for an external service, you can upload them on this page. Otherwise, you can upload the certificate and public key on the SSL Certificates page.
To access SSL keys that have been imported into YouTrack, select SSL Keys in the Server Settings area of the Administration menu.
The following controls are available on this page:
|Control|Description|
|---|---|
|Import keystore|Click to import a keystore file from your local directory.|
|View keystore properties|Click the name of a key to view its properties. Here, you can also edit the name that is assigned to the imported key.|
|Delete|Click the Delete button to remove a key from YouTrack. Use this option to remove keystores that contain certificates that are expired or no longer in use.|
Generate a Keystore File
There are several tools that let you create SSL keys and certificates in PKCS12 format. This section describes how to create an SSL key with the OpenSSL toolkit.
To create an SSL keystore with OpenSSL:
Generate a new 2048 bit RSA key with password protection:
    openssl genrsa -des3 -out YouTrack_SAML.key 2048
Generate a certificate request for the generated key:
    openssl req -new -key YouTrack_SAML.key -out YouTrack_SAML.csr
Generate a certificate:
    openssl x509 -req -days 365 -in YouTrack_SAML.csr -signkey YouTrack_SAML.key -out YouTrack_SAML.crt
Package the key and the certificate in a PKCS12 file:
    openssl pkcs12 -export -out YouTrack_SAML.p12 -inkey YouTrack_SAML.key -in YouTrack_SAML.crt -certfile YouTrack_SAML.crt
You have a PKCS12 keystore (YouTrack_SAML.p12 in the example) that is ready for upload to YouTrack.
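The four steps above as one non-interactive script, followed by checks on the resulting file before upload. This is an added example, not part of the original YouTrack documentation. It assumes the password is exported in a KS_PASS environment variable and uses the placeholder subject youtrack.example.com; the function names and the 30-day default are illustrative.

```shell
#!/bin/sh
# Added example: create the PKCS12 keystore non-interactively, then check it.
# Assumptions: KS_PASS is exported and holds the password (env: keeps it out
# of the process list); the subject CN below is a placeholder.

make_keystore() {   # usage: make_keystore <output-dir>
    dir=$1
    ( umask 077     # key material readable by the owner only
      cd "$dir" || exit 1
      openssl genrsa -des3 -passout env:KS_PASS -out YouTrack_SAML.key 2048 &&
      openssl req -new -key YouTrack_SAML.key -passin env:KS_PASS \
          -subj "/CN=youtrack.example.com" -out YouTrack_SAML.csr &&
      openssl x509 -req -days 365 -in YouTrack_SAML.csr \
          -signkey YouTrack_SAML.key -passin env:KS_PASS -out YouTrack_SAML.crt &&
      openssl pkcs12 -export -out YouTrack_SAML.p12 -inkey YouTrack_SAML.key \
          -in YouTrack_SAML.crt -certfile YouTrack_SAML.crt \
          -passin env:KS_PASS -passout env:KS_PASS
    ) >/dev/null 2>&1
}

check_keystore() {  # usage: check_keystore <output-dir> [min-days-left]
    dir=$1; days=${2:-30}
    p12="$dir/YouTrack_SAML.p12"
    # 1. The store opens with the password and its MAC verifies.
    openssl pkcs12 -in "$p12" -passin env:KS_PASS -noout >/dev/null 2>&1 ||
        { echo "cannot open keystore"; return 1; }
    # 2. The certificate in the store carries the private key's public half.
    cert_pub=$(openssl pkcs12 -in "$p12" -passin env:KS_PASS -nokeys -clcerts \
        2>/dev/null | openssl x509 -noout -pubkey 2>/dev/null)
    key_pub=$(openssl rsa -in "$dir/YouTrack_SAML.key" -passin env:KS_PASS \
        -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "certificate does not match key"; return 1; }
    # 3. The certificate stays valid for at least <days> more days.
    openssl pkcs12 -in "$p12" -passin env:KS_PASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -checkend $((days * 86400)) >/dev/null 2>&1 ||
        { echo "certificate expires within $days days"; return 1; }
    echo "keystore ok"
}
```

Run `export KS_PASS=...` first, then `make_keystore .` and `check_keystore .` in the directory where the files should be written.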
Import an SSL Keystore
Before you start, you need a keystore that contains the public and private key pair and the certificates that they are associated with. This file should be in either PKCS12 or JKS format. The private key must be protected with a password. You can generate the keystore using an application like the Java keytool.
To upload a new SSL Client Key:
In the Server Settings section of the Administration menu, select SSL Keys.
Click the Import keystore button.
In the Import Keystore dialog, enter a name for the key.
Click the Choose file button and select the keystore file from your local directory.
Enter the password for the keystore in the Store Password input field.
Click the Import button.
The keystore is added to YouTrack.