Step 1: Enable TLS in the JFrog Platform

JFrog Installation & Setup Documentation

Content Type
Installation & Setup

By default, TLS in the JFrog Platform is disabled. When you enable TLS, all communications to the JFrog Platform are required to use TLS including service-to-service communication within the platform. In the JFrog Platform, Access acts as the CA and signs the TLS certificates used by all the different JFrog Platform services.


Any options you need to set in the TLS certificate requires you to enable TLS.

To enable TLS, set the tls entry (under the security section) in the Access YAML Configuration file to 'true' and rename it toaccess.config.import.yml.

  tls: true

For Artifactory nodes, the root CA is distributed automatically via the database, and there is no need to copy the Access root CA manually.

For every other JFrog product node, copy the Access root CA manually to the location, $JFROG_HOME/{product}/var/etc/security/keys/trusted. For example, copy the Access root CA to $JFROG_HOME/xray/var/etc/security/keys/trusted for Xray.

If you need to set trust to the Access CA by an external server, for example a load balancer, you need to load the Access root CA file to the external service key store.