Unito takes your security seriously. That's why we have requirements in place for HTTPS, custom ports, and SSL/TSL certificates.Having trouble connecting your server to Unito? Check out this troubleshooting checklist.
Requirements for HTTPS
For self-hosted or on-premise installations — like GitHub Enterprise or Jira — we require that your server be configured with HTTPS using a valid SSL/TLS certificate (or a self-signed certificate, see below). If you are using the cloud-hosted version of the tools, you already have a valid HTTPS configuration.
If you access your server with a URL starting with http:// instead of https://, we will not support your installation because we cannot guarantee your data will be transferred securely over the Internet.
A quick and free way to add HTTPS over an unsecured Jira or GitHub Enterprise instance is to use CloudFlare's Universal SSL. As an alternative, get a free and valid SSL certificate from Let's Encrypt by the Internet Security Research Group (ISRG), or run a tool like ngrok on your server to expose it over HTTPS automatically.
When setting up your server, make sure that you configure the entire SSL certificate trust chain in the PEM file. It will have the form:
(Your Primary SSL certificate: your_domain_name.crt)
(Your Intermediate certificate: your_ssl_provider_intermediate.crt)
(Your Root certificate: your_provider_root_certificate.crt)
You can use this tool to generate your certificates. Please make sure to check the option Include Root Certificate.
Requirements for self-signed SSL/TLS certificates
If your SSL/TLS certificate has been signed by an official Certificate Authority (CA), it is supported out the box. However, if you've self-signed your certificate, an extra setup step is required. You likely have a self-signed certificate if your browser gives you a security warning when you access the Jira or GitHub Enterprise server.
To tell Unito about your self-signed certificate, click the Show advanced settings link to expose the Self-signed SSL/TLS Certificate option when you connect your GitHub Enterprise or Jira server. Paste in the public key of your certificate, in the PEM format.
Important: provide the highest level certificate in the certificate chain.
If the certificate was signed using an internal CA, provide the public key of the top-level CA certificate. If the certificate is stand-alone (no CA), provide the public key of the self-signed certificate itself.
If you have openssl installed on your computer, you can run the following command to get a server's certificate in the PEM format.
We understand all this certificate stuff can be overwhelming. Reach out to us if you need help and we'll walk you through it.
Note: If you're using a Let's Encrypt certification it is validated by a public certificate authority, not self-signed. On-premise installations using this kind of certification can leave the certificate field blank.
Requirements for custom ports
We also support custom HTTPS ports (other than the standard port 443) for self-hosted instances of Jira or GitHub Enterprise.
To specify a custom port, append a colon and the port number to your Jira or GitHub Enterprise URL.