GitHub Enterprise uses a self-signed certificate when it is first started. You should configure TLS to use a certificate that is signed by a certificate authority that is trusted by web browsers.

Uploading a custom TLS certificate

  1. Access the Management Console.

  2. At the top of the Management Console, click Settings. Settings tab

  3. In the left sidebar, click Privacy. Privacy sidebar

  4. Select TLS only (recommended). TLS only checkbox

  5. Under "TLS Protocol support", select the protocols you want to allow. TLS Protocol support selection
  6. Under "Certificate", click Choose File to choose a TLS certificate or certificate chain (in PEM format) to install. This file will usually have a .pem, .crt, or .cer extension. Browser for TLS certificate file
  7. Under "Unencrypted key", click Choose File to choose a TLS key (in PEM format) to install. This file will usually have a .key extension. Browser for TLS key

    Warning: Your TLS key must not have a passphrase. For more information, see "Removing the passphrase from your key file".

Configuring TLS using Let's Encrypt

To use Let's Encrypt automation, your appliance must be configured with a hostname that is publicly accessible over HTTP. The appliance must also be allowed to make outbound HTTPS connections.

  1. Access the Management Console.

  2. At the top of the Management Console, click Settings. Settings tab

  3. In the left sidebar, click Privacy. Privacy sidebar

  4. Select TLS only (recommended). TLS only checkbox

  5. Select the Enable automation of TLS certificate management using Let's Encrypt. Let's Encrypt checkbox
  6. On the left side of the page, click Save settings to reconfigure your appliance. Return to the Privacy page of your Management Console. Save privacy settings button
  7. Click Request TLS certificate. Request TLS button
  8. Click Save configuration.

Further reading