Google Git
Sign in
gerrit / gitblit / 63dbdfda13daa78a26f1c2e77b0a4bfd5a35df8d / . / src / main / distrib / data / certs / instructions.tmpl
blob: 11ea78fff87c467f416ee064c42867c2c0ee8474 [file] [log] [blame]
********************************************************************************
Gitblit SSL Client Certificate for $serverHostname
********************************************************************************
Hello $userDisplayname,
Your private key, public certificate, and the Gitblit Certificate Authority
certificate for $serverHostname are stored in $username.p12, a PKCS#12 certificate
store[1], and also in $username.pem, a PEM certificate store.
Both of these certificate stores are password-protected.
Password Hint: $storePasswordHint
Git (All) Installation Instructions
=============================================
The provided PEM file can be directly used by your git client.
git config [--global] http.sslCert path/to/$username.pem
The supplied PEM file is password-protected and you may be prompted for your
password multiple times during an exchange with Gitblit. If you desire a
password-less git client workflow then you will need to decrypt and export your
private key with OpenSSL[2] and then update your git config to use that key.
openssl rsa -in path/to/$username.pem -out path/to/$username.key
git config [--global] http.sslKey path/to/$username.key
Obviously, you should protect access to any decrypted private key.
NOTE:
Some older git clients may have trouble using the PEM file without explicitly
extracting the private key. This has been observed, for example, on Ubuntu 12.04
with git 1.7.9.5.
Firefox (All) Installation Instructions
=============================================
Firefox maintains it's own certificate store which is separate from the operating
system.
1. Navigate to Options->Advanced->Encryption
2. Click "View Certificates"
3. Switch to the "Your Certificates" tab
4. Click "Import..."
5. Navigate your filesystem and select $username.p12
6. At the password prompt enter the certificate store password
You have now imported your private key, public certificate, and the CA certificate
but now we must manually set the trust settings of the CA certificate.
7. Switch to the "Authorities" tab
8. Scroll down and find "Gitblit-> Gitblit Certificate Authority"
9. Select it and click "Edit Trust..."
10. Check "This certificate can identify websites" and click OK.
Chrome/IE (Windows) Installation Instructions
=============================================
On Windows, Chrome and IE share their certificate store so configuring one will
automatically apply for both.
IE
------------------------------------
1. Navigate to Internet Options->Content
2. Click the "Certificates" button
Chrome
------------------------------------
1. Navigate to Settings->Show Advanced Settings->HTTP/SSL
2. Click the "Manage Certificates..." button
Both (Windows)
------------------------------------
3. Switch to the "Personal" tab
4. Click the "Import..." button
5. Follow the Import Wizard instructions.
You will need to change the selected file filter when navigating to $username.p12
6. At the password prompt enter the certificate store password
7. Because both your personal certificate and the CA certifcate are stored in
$username.p12, you must choose "Automatically select the certificate store based on the type of certificate".
If you choose the default you will not install the CA certificate.
Chrome (Linux) Installation Instructions
=============================================
On Linux, Chrome maintains it's own certificate store.
1. Navigate to Settings->Show Advanced Settings->HTTP/SSL
2. Click the "Manage Certificates..." button
3. Navigate your filesystem and select $username.p12
4. At the password prompt enter the certificate store password
You have now imported your private key, public certificate, and the CA certificate
but now we must manually set the trust settings of the CA certificate.
5. Switch to the "Authorities" tab
6. Scroll down and find "Gitblit-> Gitblit Certificate Authority"
7. Select it and click "Edit Trust..."
8. Check "This certificate can identify websites" and click OK.
Chrome/Safari (Mac OS X) Installation Instructions
=============================================
On Mac OS X, Chrome and Safari both use Keychain Access to store certificates
so configuring one will automatically apply for both.
1. Double-click $username.pem
2. At the password prompt enter the certificate store password
You have now imported your private key, public certificate, and the CA certificate
but now we must manually set the trust settings of the CA certificate.
3. Find the Gitblit Certificate Authority certificate, it should have a red
indicator meaning untrusted, and double-click it.
4. Open the "Trust" disclosure triangle and change "When using this certificate"
to "Always Trust".
5. Close the certificate view and enter your system password to save the changes
to your keychain.
[1] PKCS#12 is one of the standard container formats for sharing private keys and
public certificates.
[2] http://www.openssl.org