Setting up SSL for SCM-Manager with Microsoft CA and TortoiseHg - Diryboy－IT工程師數位筆記本

文章出處

You can configure SSL for SCM-Manager so that the communication of your repositories are encrypted.

Recommend doing the certificate things on a non-Server-OS PC

Get JDK, the installation help can be found here
Create a public/private key pair in a keystore
1. keytool -genkey -keyalg RSA -alias scm -keystore keystore.jks
2. Then you will be asked to provide the password to protect the keystore, and info about your organization, at last, type yes to confirm the creation.
Request a trusted certificate
1. keytool -certreq -alias scm -keystore keystore.jks -file scm.csr
2. Open scm.csr with Notepad and copy its the content
3. Login to your CA server, for example: https://CA/certsrv/
4. Click Request a certificate
5. Click advanced certificate request
6. Click Submit a certificate request by using a base-64-encoded ..
7. Paste the content into Base-64-encoded certificate request
8. Choose Web Server for Certificate Template
9. Click the Submit button
10. The default DER encode is fine, download the certificate file, name it scm.cer
11. Also, download the CA certificate, name it rootCA.cer
Import both CA and the requested certificate into keystore
1. keytool -import -alias root -file rootCA.cer -keystore keystore.jks
2. keytool -import -alias scm -file scm.cer -keystore keystore.jks

Now you can copy the keystore.jks file to the server under D:\scm-server\conf, and start configuring Jetty

Edit the server-config.xml file
1. Uncomment the SSL-Connector section
2. Specify passwords to the keystore.jks file, they can be in clear text, obfuscated, checksummed or encrypted
Restart the scm-server service

Configuring TortoiseHg

When saving the path, choose Verify with stored host fingerprint in the Security window, and click the Query button.