When Helix TeamHub is installed, by default it does not enforce SSL connection to access the application and repositories. While this may be acceptable for services running behind organization firewall, enforcing SSL is highly recommended if the Helix TeamHub instance is exposed to public network.
To enable SSL, login to Helix TeamHub Admin, navigate to "Preferences", and check "SSL only (recommended)" under "Security" section. Next, upload a valid x509 certificate and private key in PEM format. After saving preferences, the certificate expiration date and the assigned domain will be displayed.
Include all certificates to the PEM file
A single PEM file can contain a number of certificates and a key, for example:
- Public certificate
- Intermidiate Certificate
- Root certificate
- Private key
You should include all the certificates to the PEM file, but not the private key. Otherwise Git clients may receive following error messages when doing operations against repositories.
https://helixteamhub.cloud/hth/projects/platform/repositories/git/insufficient-ssl-cert/': SSL certificate problem: unable to get local issuer certificate
error: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing.