Default system keystore is in:
$JAVA_HOME/lib/security/jssecacerts
or in:
$JAVA_HOME/lib/security/cacerts
Custom keystore can be set either in /etc/sysconfig/gitbucket by
specifying the following option:
GITBUCKET_JVM_OPTS="-Djavax.net.ssl.trustStore=/path/to/your/cacerts"
or in Gitbucket's System Settings.
Some LDAP server do not allow authenticate with unencrypted password.
This patch is adding the StartTLS support which takes care of the
encryption.
In order to enable the StartTLS, go to "System Settings" and select the
"Enable StartTLS" in the Authentication section. Then make sure that you
add your LDAP certificate into the Java keystore:
$ keytool -import \
-file /etc/pki/tls/certs/cacert.pem \
-alias myName \
-keystore /var/lib/gitbucket/keystore
You can list all keys from the keystore like this:
$ keytool -list -keystore /var/lib/gitbucket/keystore
