When providing your own custom TLS certificate, you will need to provide the matching private key. The certificate will be used by ports 8081 (Artifactory) and 8082 (the Platform router).
By default the JFrog Platform (from Artifactory 7.x and above) requires two public ports. You will need to ensure that both ports are using the same certificate.
8081: served by Artifactory (running on Tomcat)
8082: served by the router
Custom Certificate and CA Prerequisites
Your custom certificate must meet the following prerequisites.
The private key must use the RSA algorithm
The private key must be at least 1024-bit
The certificate must match the provided private key
The certificate's issuer must match the CA certificate subject
The certificate's subject must match the property
shared.node.ip
fromsystem.yaml
The certificate's Subject Alternative Names (SAN) must include the certificate's subject
Key usage extension must be marked CRITICAL
Key usage
digitalSignature
extension must be enabledKey usage
keyEncipherment
extension must be enabledExtended key usage
tlsWebServerAuthentication
must be enabledExtended key usage
tlsWebClientAuthentication
must be enabled