SSL Certificates

Manage the lifecycle of trusted SSL certificates to maintain secure, encrypted communication across your services.

This is required when Develocity needs to communicate securely with external services—such as LDAP servers, SAML Identity Providers, or Object Storage—that are secured by a private Certificate Authority (CA).

Configure via the User Interface

To add trusted certificates in the Develocity UI:

Log in to Develocity as a user with Administrator permissions.
Navigate to Administration Network.
Select the SSL Trust tab.
Paste your certificates into the Trusted certificates text area.
- Certificates must be in X.509 PEM format.
- If adding multiple certificates, separate them with a new line.
Click Save to store the settings, then click Apply and restart in the upper-right corner.

Applying the configuration updates the system services and may take several minutes to complete.

SSL Trust Configuration in Develocity UI

Certificate Requirements

Requirement Description

Requirement	Description
Format	Certificates must be Base64 encoded X.509 (`.pem`, `.crt`, `.cer`).
Encoding	Ensure the certificates include the `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` delimiters.

Format

Certificates must be Base64 encoded X.509 (.pem, .crt, .cer).

Encoding

Ensure the certificates include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- delimiters.

We encourage you to back up your configuration settings regularly to prevent data loss.
You can export settings via the Administration menu by selecting Administration Import/Export Export.

Configure via Unattended Configuration

If you are managing Develocity using a GitOps or automated workflow, you can define the global settings using Unattended Configuration. Depending on your deployment strategy, you can provide these settings either as Integrated configuration within your values.yaml or as a Standalone configuration file.

This ensures that the truststore is automatically populated during deployment.

version: 15
network:
  additionalTrust: |-
    -----BEGIN CERTIFICATE-----
    MIIDkTCCAnmgAwIBAgIUFKF8zaW/8HM4EkYf67tT1FrfVu4wDQYJKoZIhvcNAQEL
    BQAwWDELMAkGA1UEBhMCREUxDzANBgNVBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVy
    bGluMRAwDgYDVQQKDAdBY21lT3JnMRUwEwYDVQQDDAxhY21lLmV4YW1wbGUwHhcN
    MjYwMTI5MDg1NDMxWhcNMjcwMTI5MDg1NDMxWjBYMQswCQYDVQQGEwJERTEPMA0G
    A1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xEDAOBgNVBAoMB0FjbWVPcmcx
    FTATBgNVBAMMDGFjbWUuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
    AQoCggEBALjq/odlmov4bGKZSySg81EqRxGhmqdV4Oo90MdbVlkN9u2NjGzkEAn8
    5o4p2DbILJxXMkb/z2NptGaoFQn3F6VzVKjfcZXtGt/fwT3oJ4WcPKW4kH+toDKD
    QlzZdz+yav/gJZJ5WonZvzPZnvXDFDzhN0yG6yIbvjmxC7a12mKMKX08NH6znClV
    Ru+o78ThHeohwf6gT24TGR7cnTZcTqER3/e6ExQP8Mt814EmYsF0Bm9TjLwGHoFY
    mWWL28M/oXsCMnhI2RFwz3x024Jy4yxCf5AQBwNqQArg3HYwaktkHaxgBdYwuMeG
    hIaavR26XSfwmneMCW/ya1fMpha2AUkCAwEAAaNTMFEwHQYDVR0OBBYEFDViCfJ5
    tOlizJhB9cWXNWtmy1p3MB8GA1UdIwQYMBaAFDViCfJ5tOlizJhB9cWXNWtmy1p3
    MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKaCWXB5vo2SRO1e
    aWl0wlKKKaER49FnZ4WB1Rh89521xr6FzFHIt3ujrEIReGGciWzQ+OyEO2Sdlf9D
    UhzUUI1jAKBhr0CjSggATXCnQCSiEOim0Sw3BNor8C6VABG+CBHeCoQF1A7ZnQAF
    wlhtYWB+r4oO/xfretVCJ24Kun4cBZJevhCyqTp61AdfH4Kp+SmR3F0V2RlKSug0
    hSFKKGRmoEQFFlX2uqulBWpVizcnHOOAturZlchONECDxILfp9EjDoWYgmNZw945
    Ldvlgm7wKgeKgXMLXFcBvQWgvbKa3udXVsSQmVJq11fVwS6rwLamwzjaX8bWAdB2
    U97ctus=
    -----END CERTIFICATE-----

Deployment Templates

Download the appropriate YAML template to begin your infrastructure configuration.

For Develocity versions 2025.3 and prior, see the 2025.2 Administration Guide or the 2025.3 Administration Manual.

Cluster Deployment	Example template for cluster orchestration. gradle-enterprise-config-schema-15.yaml SHA256 ASC ASC SHA256
Standalone Deployment	Example template for standalone setup. gradle-standalone-config-schema-15.yaml \| SHA256 \| ASC \| ASC SHA256

Pre-deployment Checklist

Backup: Export your current settings via Administration Import/export before applying changes.
Deployment: After updating your values.yaml, re-deploy using Helm.
Impact: This triggers service restarts and may take several minutes to complete.

See Unattended Configuration for details.

Technical Notes

System-wide Trust: Certificates added here are added to the Develocity JVM truststore, allowing all internal services to verify connections to your secure endpoints.
Connectivity Testing: If Develocity fails to connect to an internal service after adding a certificate, verify the connection using the Admin CLI to check for SSLHandshakeException errors in the logs.