YouTrack InCloud Discontinues HTTP Support

We at JetBrains care about the security of our customers’ data. It is extremely important that we keep it safe for you.
As you might know, YouTrack InCloud instances use the HTTPS protocol by default, but this wasn’t always the case. We also give you the option to disable HTTPS for your instance. To make YouTrack more secure, we have decided to discontinue support for HTTP connections.

Who is affected?
This change affects YouTrack InCloud instances where:

  • The instance was registered before December 2015 and is not configured to use HTTPS. Instances created after this date use HTTPS by default.
  • The HTTPS only setting has been manually disabled, allowing unsecured connections over HTTP. To verify this setting, check the Domain Settings page.
  • The instance uses a custom domain name and does not have a valid SSL certificate for the custom domain.
  • The instance accepts HTTP requests from external integrations that use the REST API.

What does it mean?
If you interact with YouTrack in your browser, you basically don’t have to do anything. You will be redirected to use an HTTPS connection automatically.

All of the instances that are hosted on the *.myjetbrains.com domain will switch to HTTPS.

If you have a custom domain set up for your instance, we will automatically generate a certificate signed by Let’s Encrypt for you. You will still be able to set up your own certificates, so no changes will be applied to certificates that were installed previously.

The only situation that requires action on your part is when you have external integrations that access data in YouTrack using the REST API over an unsecured connection. In this case, you need to update these integrations to use HTTPS. Otherwise, the connections are refused and the integration is broken.

When will it happen?
We plan to disable HTTP access in approximately one month. To ensure that your integrations work properly, make sure that all of your applications that use the YouTrack REST API are updated to use HTTPS before then.

Thank you for using YouTrack.
If you have any questions, please contact our support team.

About Natasha Katson

Natasha Katson is a YouTrack and Hub Product Marketing Manager at JetBrains.
This entry was posted in news, newsletter, tips. Bookmark the permalink.

5 Responses to YouTrack InCloud Discontinues HTTP Support

  1. Tammo Schülke says:

    That’s a good step. We’re using an on-premise instance – I’m wondering how people use the workflow editor with cloud instances? Because I could never get it to work via HTTPS. I basically added a firewall rule that lets me access YT on port 8112 unencrypted just so the workflow editor works.

    • jk1 says:

      > I’m wondering how people use the workflow editor with cloud instances?
      It’s enough to make workflow editor trust the certificate your cloud server provides. To do so one should

      1. Obtain a certificate.
      2. Import it into java trustore with a rather complex console command.
      3. Pass the trustore to workflow editor via CLI start parameter.

      The thing is, it’s way easier to use a new in-browser workflow editor.

      • Tammo Schülke says:

        That didn’t work for me. I saved the certificates in X.509 format (both root and intermediate) and ran:
        cd “C:\Program Files (x86)\JetBrains\YouTrack Workflow Editor\jre\”
        bin\keytool.exe -importcert -alias ThawteRoot -file “C:\ProgramData\ThawteRoot.cer” -keystore “lib\security\cacerts” -storepass changeit
        The certificates are successfully added and listed, the connection still fails though. I also configured nginx so YT is the default server to make it work without SNI.
        I guess the bundled JRE is so old that it doesn’t support sane TLS ciphers.

  2. James Johnson says:

    When will the Let’s Encrypt certificates be installed? I’d like to be able to test that my code using the REST API works just fine with the final configuration before HTTP support is turned off.

    • Natasha Katson says:

      We don’t have specific dates yet, but if your rest client trusts Let’s Encrypt root CA, then everything is expected to work just fine.

Leave a Reply

Your email address will not be published. Required fields are marked *