HTTPS and SSL configuration

HTTPS

By default, Helix TeamHub does not enforce HTTPS and SSL connections to your server instance. This may be acceptable for services running behind an organization's firewall, but enforcing HTTPS and SSL is recommended if the TeamHub instance is exposed to a public network.

To enforce HTTPS:

  1. Log in to the /admin URL of the TeamHub installation and navigate to Preferences.
  2. Under Security, select Enforce HTTPS.

    Configuring HTTPS and SSL
  3. Click Save preferences.

SSL services

If Enforce HTTPS is selected:

  • To configure the TeamHub services to use the SSL certificates uploaded to your server, select Enable SSL services.

  • If have TeamHub running in Enterprise or High Availability mode with a load balancer, leave Enable SSL services unselected when SSL is offloaded to your load balancer. The SSL certificates must be setup on your load balancer.

To enable SSL services:

  1. Log in to the /admin URL of the TeamHub installation and navigate to Preferences.
  2. Under Security, select Enable SSL services.

    Configuring HTTPS and SSL
  3. Upload a valid x509 certificate and private key (RSA) in PEM format, with base64-encoded content between header and footer lines.

    Note

    Instructions for generating the certificate and private key depend on the provider. For security reasons, we recommend that you only use a self-signed certificate for testing.

    To generate a self-signed certificate and key, you can use OpenSSL:

    openssl req -newkey rsa:2048 -new -x509 -days 730 -nodes -out hth.crt -keyout hth.key
  4. Click Save preferences.

    The certificate expiration date and the assigned domain are displayed.

Troubleshooting tips

Include all certificates to the PEM file.

A single PEM file can contain a number of certificates and a key. For example:

  • Public certificate
  • Intermediate Certificate
  • Root certificate
  • Private key

Include all of the certificates in the PEM file, but not the private key. Otherwise, Git clients may receive the following error messages when doing operations against repositories:

https://helixteamhub.com/hth/projects/platform/repositories/git/insufficient-ssl-cert/': SSL certificate problem: unable to get local issuer certificate

or

error: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing.