GitHub Enterprise uses a self-signed certificate when it is first started. You should configure TLS to use a certificate that is signed by a certificate authority that is trusted by web browsers.

Uploading a custom TLS certificate

  1. Access the Management Console.

  2. At the top of the Management Console, click Settings. Settings tab

  3. In the left sidebar, click Privacy. Privacy sidebar

  4. Select TLS only (recommended). TLS only checkbox

  5. Under "TLS Protocol support", select the protocols you want to allow. TLS Protocol support selection
  6. Under "Certificate", click Choose File to choose a TLS certificate or certificate chain (in PEM format) to install. This file will usually have a .pem, .crt, or .cer extension. Browser for TLS certificate file
  7. Under "Unencrypted key", click Choose File to choose a TLS key (in PEM format) to install. This file will usually have a .key extension. Browser for TLS key

    Warning: Your TLS key must not have a passphrase. For more information, see "Removing the passphrase from your key file".

Further reading