123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123 |
- ********************************************************************************
- Gitblit SSL Client Certificate for $serverHostname
- ********************************************************************************
-
- Hello $userDisplayname,
-
- Your private key, public certificate, and the Gitblit Certificate Authority
- certificate for $serverHostname are stored in $username.p12, a PKCS#12 certificate
- store[1], and also in $username.pem, a PEM certificate store.
-
- Both of these certificate stores are password-protected.
- Password Hint: $storePasswordHint
-
-
- Git (All) Installation Instructions
- =============================================
-
- The provided PEM file can be directly used by your git client.
-
- git config [--global] http.sslCert path/to/$username.pem
-
- The supplied PEM file is password-protected and you may be prompted for your
- password multiple times during an exchange with Gitblit. If you desire a
- password-less git client workflow then you will need to decrypt and export your
- private key with OpenSSL[2] and then update your git config to use that key.
-
- openssl rsa -in path/to/$username.pem -out path/to/$username.key
- git config [--global] http.sslKey path/to/$username.key
-
- Obviously, you should protect access to any decrypted private key.
-
- NOTE:
- Some older git clients may have trouble using the PEM file without explicitly
- extracting the private key. This has been observed, for example, on Ubuntu 12.04
- with git 1.7.9.5.
-
-
- Firefox (All) Installation Instructions
- =============================================
-
- Firefox maintains it's own certificate store which is separate from the operating
- system.
-
- 1. Navigate to Options->Advanced->Encryption
- 2. Click "View Certificates"
- 3. Switch to the "Your Certificates" tab
- 4. Click "Import..."
- 5. Navigate your filesystem and select $username.p12
- 6. At the password prompt enter the certificate store password
- You have now imported your private key, public certificate, and the CA certificate
- but now we must manually set the trust settings of the CA certificate.
- 7. Switch to the "Authorities" tab
- 8. Scroll down and find "Gitblit-> Gitblit Certificate Authority"
- 9. Select it and click "Edit Trust..."
- 10. Check "This certificate can identify websites" and click OK.
-
-
- Chrome/IE (Windows) Installation Instructions
- =============================================
-
- On Windows, Chrome and IE share their certificate store so configuring one will
- automatically apply for both.
-
- IE
- ------------------------------------
- 1. Navigate to Internet Options->Content
- 2. Click the "Certificates" button
-
- Chrome
- ------------------------------------
- 1. Navigate to Settings->Show Advanced Settings->HTTP/SSL
- 2. Click the "Manage Certificates..." button
-
- Both (Windows)
- ------------------------------------
- 3. Switch to the "Personal" tab
- 4. Click the "Import..." button
- 5. Follow the Import Wizard instructions.
- You will need to change the selected file filter when navigating to $username.p12
- 6. At the password prompt enter the certificate store password
- 7. Because both your personal certificate and the CA certifcate are stored in
- $username.p12, you must choose "Automatically select the certificate store based on the type of certificate".
- If you choose the default you will not install the CA certificate.
-
-
- Chrome (Linux) Installation Instructions
- =============================================
-
- On Linux, Chrome maintains it's own certificate store.
-
- 1. Navigate to Settings->Show Advanced Settings->HTTP/SSL
- 2. Click the "Manage Certificates..." button
- 3. Navigate your filesystem and select $username.p12
- 4. At the password prompt enter the certificate store password
- You have now imported your private key, public certificate, and the CA certificate
- but now we must manually set the trust settings of the CA certificate.
- 5. Switch to the "Authorities" tab
- 6. Scroll down and find "Gitblit-> Gitblit Certificate Authority"
- 7. Select it and click "Edit Trust..."
- 8. Check "This certificate can identify websites" and click OK.
-
-
- Chrome/Safari (Mac OS X) Installation Instructions
- =============================================
-
- On Mac OS X, Chrome and Safari both use Keychain Access to store certificates
- so configuring one will automatically apply for both.
-
- 1. Double-click $username.pem
- 2. At the password prompt enter the certificate store password
- You have now imported your private key, public certificate, and the CA certificate
- but now we must manually set the trust settings of the CA certificate.
- 3. Find the Gitblit Certificate Authority certificate, it should have a red
- indicator meaning untrusted, and double-click it.
- 4. Open the "Trust" disclosure triangle and change "When using this certificate"
- to "Always Trust".
- 5. Close the certificate view and enter your system password to save the changes
- to your keychain.
-
-
- [1] PKCS#12 is one of the standard container formats for sharing private keys and
- public certificates.
- [2] http://www.openssl.org
|