Use SSL certificates

Use SSL certificates to end to end encrypt your Unity Version Control (UVCS) network traffic. Refer to more information on how to create SSL certificates.

Use the SSL certificate for the UVCS secure channel

By default, the UVCS server SSL channel is configured to listen on port 8088 with the default SSL UVCS SSL certificate.

To use your own self-signed certificate, edit the network.conf file, located in the UVCS server directory. Modify the following values:

  • Edit sslPfxFile to use your .pfx certificate.
  • Edit sslPfxFilePassword to specify the certificate password. To encrypt the password, use the cm crypt command and use the cypher value instead.

Save the network.conf file and restart the UVCS server to apply the changes.

Example configuration file

The following example shows the server network.conf file that uses the new Tardis.pfx certificate and the ciphered password:

[
    {
        "Port" : 8087,
        "Type" : "Tcp",
        "Security" : "None",
        "ReuseAddress" : true
    },
    {
        "Port" : 8088,
        "Type" : "Tcp",
        "Security" : "Ssl",
        "SslPfxFile" : "Tardis.pfx",
        "SslPfxFilePassword" : "|SoC|2ogBDa8GmifTjC7UKp4KuoF0/jWYlXy2",
        "ReceiveTimeoutMsec" : 5000,
        "SendTimeoutMsec" : 5000,
        "ReceiveBufferSizeBytes" : -1,
        "SendBufferSizeBytes" : -1,
        "ReuseAddress" : true
    }

]

Accept and install SSL certificates

You can install the SSL certificates in the following ways:

Use the UVCS GUI

The first time your UVCS GUI uses the SSL port to connect to the UVCS server, the GUI displays a dialog window that prompts you to accept and install the new UVCS server certificate.

Select Yes to add the key to your UVCS key store.

Use the CLI

When you use the UVCS CLI tool, the CLI prompts you to accept and install the UVCS server certificate. Enter Y to select Yes and add the key to your UVCS key store.

Use manual installation

In some situations, you need to accept and install the SSL certificate without your UVCS client. For example, for a replication operation, the UVCS server needs to connect with another UVCS server and since the server itself can't accept a certificate, you need to install the .cer file manually.

Note: The certificate that you install is only valid for the system user that accepts the certificate on the server. If you need to install a certificate for the UVCS server to use, then you need to run the UVCS server or daemon as an Administrator or root user.

Manually install on a Windows server

  1. Open the certmgr.msc tool to install the certificate files (.cer) that can be read by external applications.
  2. Select Action > All tasks > Import.
  3. Select Browse to specify the location of the certificate file.
  4. Select Next to place the certificate file in the Plastic Client store.
  5. Select Finish to install the certificate.

To confirm that the certificate is installed correctly, expand the Plastic Client store to display the installed certificates.

Manually install on a macOS server

To install the certificate on a macOS server, copy the .cer file to a directory. Use the following directory path: /Users/<Your_User>/.config/.mono/certs/Plastic Client.

Note: This only installs the certificate for the system user <Your_User>. If you need to install certificates for other users, repeat the process for each of those users.

Additional resources

Unity logo Documentation
Copyright © 2025 Unity Technologies
"Unity", Unity logos, and other Unity trademarks are trademarks or registered trademarks of Unity Technologies or its affiliates in the U.S. and elsewhere (more info here). Other names or brands are trademarks of their respective owners.