Youtrack over SSL

Hello.

Where can I find detailed instructions on how to configure our YouTrack instance to be used over SSL?

I found a lot of material about Tomcat over SSL and similar topics, but I haven't been able to get this working so far.

Can you help me?

Regards,
Sergiu
0
Hello Sergiu Sofroni,

Unfortunately, we have no such materials in our documentation yet, as it's not YouTrack's competency. We have planned to add manuals for the most general cases soon. You are always welcome to ask us any questions, even if they are not about YouTrack's side; we'll point you in the right direction.
What particular problems are you experiencing?

Thank you.
0
Permanently deleted user
Hello Andrey.

The problem is that we have bought some licenses for YouTrack and we want to give access externally for some of our customers. Also we want to do this in secure way.

I’ve found over Internet how to configure Tomcat to use SSL. I’ve created a certification store, bought signed SSL certificates from trusted CA, imported them etc… but I can’t get working YouTrack over SSL.

Can you advise what I’m doing wrong?

PS: I’ve also tried to configure it with self-signed certificates, but I still can’t connect to the YouTrack server securely on port 443. The port is open; I can connect via Telnet.

Regards,
Sergiu
0
Permanently deleted user
Hello Andrey.

I've fixed that.

For people who encounter the same error: as a fix, you should edit server.xml and change the protocol for the Connector that will be used for the secured connection from HTTP/1.1 to org.apache.coyote.http11.Http11NioProtocol. Your config should look like the one below:

    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="Your path to keystore file" keystorePass="Your keystore password" />
0
Permanently deleted user
I guess you would need to follow http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html to enable SSL certificates which are used by Apache.
0
Permanently deleted user
I too am having trouble getting SSL to work for YouTrack.  I've followed the instructions here http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html, on a Windows 2008R2 server, and am getting an error "Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error."

I've tried troubleshooting with curl and this is what I see:

    $ curl -Iv https://<my server>.com
    * About to connect() to <my server>.com port 443 (#0)
    *   Trying <IP ADDR>...
    * 0x8001f140 is at send pipe head!
    * STATE: CONNECT => WAITCONNECT handle 0x80057408; line 1032 (connection #0)
    * Connected to <my server>.com (<IP ADDR>) port 443 (#0)
    * successfully set certificate verify locations:
    *   CAfile: /usr/ssl/certs/ca-bundle.crt
      CApath: none
    * SSLv3, TLS handshake, Client hello (1):
    * STATE: WAITCONNECT => PROTOCONNECT handle 0x80057408; line 1145 (connection #0)
    * Unknown SSL protocol error in connection to <my server>.com:443
    * Closing connection 0
    * The cache now contains 0 members
    curl: (35) Unknown SSL protocol error in connection to <my server>.com:443

My connector configuration looks like this:

    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="C:/bin/.keystore" keystorePass="<password>" keyAlias="tomcat" />

I can still connect over HTTP just fine.

Thanks for your help.
0
Permanently deleted user
We ended up using Apache as an HTTPS proxy. We had to bind YouTrack only to localhost on port 9876 and we used Apache to proxy to localhost (with SSL configured in Apache). Works like a charm. You also get some simple access control possibilities from Apache as well. I would advise you to do this.
0
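
The reverse-proxy setup described in the comment above, as an added example (not the poster's actual configuration). It assumes Apache httpd 2.4.8 or later with mod_ssl, mod_proxy, mod_proxy_http and mod_headers loaded, and YouTrack listening only on 127.0.0.1:9876; the host name, file paths and the commented-out address range are placeholders.

```apache
# TLS is terminated here; YouTrack itself only speaks plain HTTP on loopback.
<VirtualHost *:443>
    ServerName youtrack.example.com

    SSLEngine on
    # One PEM file: the server certificate first, followed by the CA's
    # intermediate certificate(s), so clients receive the full chain.
    SSLCertificateFile    "/etc/ssl/example/youtrack-fullchain.pem"
    SSLCertificateKeyFile "/etc/ssl/example/youtrack.key"
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:9876/
    ProxyPassReverse / http://127.0.0.1:9876/

    # Tell the backend that the original request arrived over HTTPS.
    RequestHeader set X-Forwarded-Proto "https"

    <Location "/">
        Require all granted
        # Simple access control: replace the line above with an allow-list,
        # for example (documentation address range, placeholder):
        # Require ip 203.0.113.0/24
    </Location>
</VirtualHost>

# Send plain-HTTP visitors to the HTTPS site.
<VirtualHost *:80>
    ServerName youtrack.example.com
    Redirect permanent / https://youtrack.example.com/
</VirtualHost>
```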
Dd ofborg, Sergiu

Thank you for your help.

Steven,

I hate to break it to you, but we are not able to solve such issues. We can only make suggestions.
So, the problem may be that the .keystore doesn't exist in the default directory (as Tomcat thinks). It shouldn't exist inside the WAR.
Another assumption is that your SSL was not configured correctly.
Anyway, the best way to solve this is to look at the official Tomcat documentation or to follow this suggestion http://forum.jetbrains.com/message/YouTrack-940-6 .

Thank you.
0
Permanently deleted user
We found the problem was a missing intermediate certificate.  I followed the instructions here http://support.godaddy.com/help/article/5239/generating-a-csr-and-installing-an-ssl-certificate-in-tomcat-4x5x6x (our certificate is from godaddy), which is a bit different than the tomcat documentation, and everything is working over SSL now.
0
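
What a missing intermediate certificate looks like to a client, as an added example that is not from any poster in this thread. It builds a throwaway root CA, intermediate CA and server certificate with the `openssl` command-line tool (all names are constructed) and verifies the server certificate with and without the intermediate available.

```shell
#!/bin/sh
# Added example with constructed data: a three-level certificate chain is
# created in a temporary directory and checked the way a client that trusts
# only the root CA would check it. Requires the openssl command-line tool.

# Prints "<result without intermediate> <result with intermediate>".
chain_demo() {
    d=$(mktemp -d) || return 1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"

    # Self-signed root CA (the only certificate the client trusts).
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo Root CA" \
        -keyout "$d/root.key" -out "$d/root.csr" 2>/dev/null
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" \
        -extfile "$d/ca.ext" -days 2 -out "$d/root.pem" 2>/dev/null

    # Intermediate CA, signed by the root.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate CA" \
        -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -extfile "$d/ca.ext" -days 2 -out "$d/int.pem" 2>/dev/null

    # Server certificate, signed by the intermediate (not by the root).
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=youtrack.example.com" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
    openssl x509 -req -in "$d/srv.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -CAcreateserial -days 2 -out "$d/srv.pem" 2>/dev/null

    # Server sends only its own certificate: no path to the trusted root.
    if openssl verify -CAfile "$d/root.pem" "$d/srv.pem" >/dev/null 2>&1
    then without=ok; else without=fail; fi
    # Server also sends the intermediate: the chain can be built.
    if openssl verify -CAfile "$d/root.pem" -untrusted "$d/int.pem" \
        "$d/srv.pem" >/dev/null 2>&1
    then with=ok; else with=fail; fi

    rm -rf "$d"
    echo "$without $with"
}

chain_demo
```

For a Tomcat keystore, `keytool -list -v -keystore <keystore file> -alias tomcat` reports a "Certificate chain length" for the key entry, and `openssl s_client -connect <host>:443 -showcerts` shows which certificates a running server actually sends.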
Steven,

That's great.
Thank you for the useful link.
0
Permanently deleted user
This is exactly what we'd like to do, but we're having some trouble getting it set up. Would you mind sharing your Apache config with me?
0
Permanently deleted user
We got it working. Thanks!
0
Permanently deleted user
I'm also struggling with this on a Windows installation... I managed to get it working on a TeamCity installation but failed to do it on the YouTrack installation (different server). Are there any other help files/resources or tools to assist me with this?
0
Permanently deleted user

Here’s the mail I got recently for my problem

1) Disable QUIC Protocol
In the URL bar write "chrome://flags/#enable-quic Protocol" and hit Enter.
It will be selected as Default; now click on that drop-down and select Disabled,
then click on Relaunch at the bottom.

2) Update the system time
3) Disable unknown or unused extensions
4) Check whether there are restrictions on the firewall.

If your error is still not solved, or you are getting another SSL error, please visit <ERR_SSL_PROTOCOL_ERROR – Fix by deskdecode>

0

Hello John, I'm sorry, but it's not clear to me. Could you please elaborate on what your issue is exactly? How can we help you? Thank you.

0
Permanently deleted user

There are two ways to fix it, You can Proxy or you can ERR_SSL_PROTOCOL_ERROR mentor Hope it will work for you.

0
