Helix TeamHub Administrator Guide (2020.1 Enterprise)

SSL Configuration

When Helix TeamHub is installed, it does not enforce an SSL connection by default to access the application and repositories. While this may be acceptable for services running behind an organization's firewall, enforcing SSL is highly recommended if the Helix TeamHub instance is exposed to a public network.

To enable SSL:

  1. Login to the /admin URL of the Helix TeamHub installation and navigate to Preferences.
  2. Under Security, select the SSL only (recommended) check box.

    Configuring SSL
  3. Upload a valid x509 certificate and private key (RSA) in PEM format, with base64-encoded content between header and footer lines.

    Note

    Instructions for generating the certificate and private key depend on the provider. For security reasons, we recommend that you only use a self-signed certificate for testing.

    To generate a self-signed certificate and key, you can use OpenSSL:

    openssl req -newkey rsa:2048 -new -x509 -days 730 -nodes -out hth.crt -keyout hth.key
  4. Click Save preferences.

    TeamHub displays the certificate expiration date and the assigned domain.

Troubleshooting tips

Include all certificates to the PEM file

A single PEM file can contain a number of certificates and a key, for example:

  • Public certificate
  • Intermidiate Certificate
  • Root certificate
  • Private key

You should include all the certificates to the PEM file, but not the private key. Otherwise, Git clients may receive the following error messages when doing operations against repositories:

https://helixteamhub.cloud/hth/projects/platform/repositories/git/insufficient-ssl-cert/': SSL certificate problem: unable to get local issuer certificate

or

error: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing.