By default, TLS in the JFrog Platform is disabled. When you enable TLS, all communications to the JFrog Platform are required to use TLS including service-to-service communication within the platform. In the JFrog Platform, Access acts as the CA and signs the TLS certificates used by all the different JFrog Platform services.
Note
Any options you need to set in the TLS certificate requires you to enable TLS.
To enable TLS, set the tls entry (under the security section) in the Access YAML Configuration file to 'true
' and rename it toaccess.config.import.yml
.
security: tls: true
For Artifactory nodes, the root CA is distributed automatically via the database, and there is no need to copy the Access root CA manually.
For every other JFrog product node, copy the Access root CA manually to the location, $JFROG_HOME/{product}/var/etc/security/keys/trusted
. For example, copy the Access root CA to $JFROG_HOME/xray/var/etc/security/keys/trusted
for Xray.
If you need to set trust to the Access CA by an external server, for example a load balancer, you need to load the Access root CA file to the external service key store.