Using your own SSL certificates on the Server
On first startup, the GoCD server creates a self-signed SSL certificate that is ready for use. However, if you have your own SSL certificate that you want to use with GoCD, you may replace GoCD's certificate with your own.
The steps below assume that you have the certificate key (example.com.key) and the X509 certificate (example.com.crt).
Change the passphrase of the certificate key
If your key has a passphrase, you must first change the passphrase to serverKeystorepa55w0rd
$ mv example.com.key example.com.key.orig
$ openssl rsa -des3 -in example.com.key.orig -out example.com.key
Convert your certificate (example.com.crt) into PKCS12 format
$ openssl pkcs12 -inkey example.com.key -in example.com.crt -export -out example.com.crt.pkcs12
Import the PKCS12 key into the keystore
Note: The destination keystore password must be set to serverKeystorepa55w0rd
$ keytool -importkeystore -srckeystore example.com.crt.pkcs12 -srcstoretype PKCS12 -destkeystore keystore -srcalias 1 -destalias cruise -deststorepass 'serverKeystorepa55w0rd' -destkeypass 'serverKeystorepa55w0rd'
Replace GoCD server's keystore with the one from above
First back up the original keystore, then replace it with the new keystore
$ sudo su - go -c 'mv /etc/go/keystore /etc/go/keystore.original'
$ sudo su - go -c 'mv keystore /etc/go/keystore'
Restart the go server
$ sudo /etc/init.d/go-server restart
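A pre-flight check for the procedure above, added here as an example and not part of the GoCD documentation: it confirms that example.com.key and example.com.crt belong together and that the certificate has not expired, before the keystore is replaced and the server restarted. The function names and the KEY_PASS environment variable are assumptions; `openssl pkey` is used instead of `openssl rsa` so the check also covers non-RSA keys.

```shell
#!/bin/sh
# Added example: pre-flight checks to run before building the GoCD keystore.
# File names follow the page; function names and KEY_PASS are assumptions.

# Returns 0 if the private key ($1) and the certificate ($2) hold the same
# public key, 1 if they differ, 2 if either file cannot be read (for example
# a wrong passphrase). The passphrase is read from $KEY_PASS so that it never
# appears on a command line.
key_matches_cert() {
    key_pub=$(KEY_PASS="${KEY_PASS:-}" openssl pkey -in "$1" \
        -passin env:KEY_PASS -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ]
}

# Returns 0 if the certificate ($1) does not expire within $2 seconds
# (default 0, i.e. it has not expired yet).
cert_is_current() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Runs both checks and reports the first failure on stderr.
preflight() {
    key_matches_cert "$1" "$2" || {
        echo "FAIL: $1 does not match $2, or one of them is unreadable" >&2
        return 1
    }
    cert_is_current "$2" || {
        echo "FAIL: $2 has expired" >&2
        return 1
    }
    echo "OK: $1 matches $2 and the certificate has not expired"
}

# Usage: sh preflight.sh example.com.key example.com.crt
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

Running it before the keytool import catches a mismatched key or an expired certificate while the original keystore is still in place.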