How to Connect to External Servers Via HTTPS
Under normal circumstances, connecting to external systems (source code repositories, issue trackers, etc.) via HTTPS does not require any configuration; Teamscale will use the default Java certificate store and, if it contains a valid certificate chain to validate the external system's SSL/TLS certificate, everything will work out of the box. There are circumstances, however, where you need to perform some explicit configuration.
Using Self-Signed Certificates
If the external system is accessed via HTTPS but the certificate for the underlying SSL/TLS connections is not signed by one of the certificate authorities known to a default Java installation, Teamscale needs to be made aware of the certificate. Start by downloading the certificate in question, e.g., through your web browser, and store it in DER format (.cer file extension).
Next, create a trust store that contains that certificate. The trust store is a Java Keystore (.jks) created with the keytool command line tool (located in $JAVA_HOME/bin/keytool). We use the name "trust store" to emphasize that it contains the certificates of other servers that Teamscale should trust. In contrast to the trust store, the keystore contains Teamscale's own certificate that is used if Teamscale itself offers HTTPS (Accessing Teamscale via HTTPS).
To create the trust store, use keytool as follows (certificate.cer is the certificate you downloaded, truststore.jks is the trust store to be created, and Alias is the alias under which to store the certificate in the trust store):
keytool -importcert -file certificate.cer -keystore truststore.jks -alias Alias
You will be prompted for a password for the trust store. Multiple certificates can be imported into the same trust store under different aliases.
After all necessary certificates have been imported, add the following to the JVM_EXTRA_ARGS entry in the file $TEAMSCALE_HOME/config/jvm.properties:
-Djavax.net.ssl.trustStore=<Path-to-Truststore-File>
-Djavax.net.ssl.trustStorePassword=<Password>
Note that this trust store will only contain the certificate(s) manually imported earlier. In case you also depend on the default certificates present on the system, you can import these into your trust store from the default installation (usually $JAVA_HOME/jre/lib/security/cacerts) using the -importkeystore command of keytool.
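A self-signed certificate has no certificate authority vouching for it, so the import into the trust store is the point at which it becomes trusted. The following added example (not part of the Teamscale documentation) compares the downloaded file's SHA-256 fingerprint with a value obtained out-of-band, for instance from the server's administrator, before running the keytool import shown above. The function names are hypothetical, and GNU coreutils (sha256sum, base64) are assumed.

```shell
#!/bin/sh
# Added example: check a downloaded certificate against a fingerprint obtained
# out-of-band before importing it. Function names are hypothetical.

# Print the SHA-256 fingerprint (uppercase hex, no separators) of a file holding
# one certificate. The fingerprint is the hash of the DER bytes, so PEM is decoded.
cert_sha256() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
        sed '/^-----/d' "$1" | tr -d '\r\n' | base64 -d | sha256sum
    else
        sha256sum < "$1"
    fi | cut -d' ' -f1 | tr 'a-f' 'A-F'
}

# Normalise a fingerprint as displayed by a browser or keytool ("ab:cd:...").
norm_fp() {
    printf '%s' "$1" | tr -d ': \t' | tr 'a-f' 'A-F'
}

# Succeed only if an expected value was given and it equals the file's fingerprint.
fp_matches() {
    [ -n "$2" ] && [ "$(cert_sha256 "$1")" = "$(norm_fp "$2")" ]
}

# Run the import from the page only after the fingerprint check passes.
# Usage: import_verified certificate.cer truststore.jks Alias EXPECTED_SHA256
import_verified() {
    if ! fp_matches "$1" "$4"; then
        echo "fingerprint mismatch for $1, not importing into $2" >&2
        return 1
    fi
    keytool -importcert -file "$1" -keystore "$2" -alias "$3"
}

if [ "$#" -eq 4 ]; then import_verified "$@"; fi
```

A browser export saved as PEM text produces the same fingerprint as the DER file, so the check works on either form.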
Using Certificates from the Windows Certificate Store
On Windows, you can use the certificates from the operating system's built-in certificate store by adding the following options to the entry JVM_EXTRA_ARGS in the file $TEAMSCALE_HOME/config/jvm.properties:
-Djavax.net.ssl.trustStoreType=Windows-ROOT
-Djavax.net.ssl.trustStore=NUL
Turning Off Certificate Validation
In case the certificates are not valid (e.g., the hostname is incorrect), Java will still reject the certificates and refuse HTTPS connections to the external systems. To fix this problem, you can either install a valid certificate on the server or instruct Teamscale to not validate any SSL/TLS certificates.
To disable validation of SSL certificates, add the following to the entry JVM_EXTRA_ARGS in the file $TEAMSCALE_HOME/config/jvm.properties:
-Dcom.teamscale.disable-ssl-certificate-validation=true
Not Secure
Disabling SSL validation is strongly discouraged; it is not a secure practice.