Try JFrog
Guides
Contact SupportTry JFrog
  1. Configurations
  2. Communication Between Services
  3. TLS Certificates as a Client

Trust a Self-Signed Certificate or a New CA

Add PEM certificates to $JFROG_HOME//var/etc/security/keys/trusted on all nodes to establish trust.

To trust a new certificate, add the certificate to the $JFROG_HOME/<product>/var/etc/security/keys/trusted directory of every service that needs to trust it.

Alternatively, you can also add the certificate to each application's key store. For example, to add a certificate into the JFrog Artifactory key store, you can add it directly to the host's JVM's trusted KeyStore.

Restart the Artifactory service for the new certificate to take effect.

For High Availability setups, add the certificate to every node's trusted directory or keystore. Certificates are not propagated between HA nodes automatically.

Trust a self-signed certificate in Xray instances/nodes

When an Xray instance or node is configured to go through an SSL proxy that uses a self-signed certificate, you may encounter the following issue when performing tasks such as an online database sync.

2021-07-20T14:47:47.500Z [33m[jfxr ][0m [1m[31m[ERROR][0m [c080f44e606d159 ] [samplers:91                   ] [main                ] Failed to read response from jxrayUrl. Error: Get "https://jxray.jfrog.io/api/v1/system/ping": x509: certificate signed by unknown authority
  1. To resolve this issue, import the proxy certificate into each Xray instance or pod by placing it under /etc/ssl/certs/ in the Xray machine, container, or pod. This is the default directory used by Go applications (such as Xray) when importing SSL certificates.
  2. Restart Xray.

Updated 24 days ago