Running Crowd over HTTPS

Richard Sylvester
I'm New Here
November 7, 2025

Hi Guys,

I have Crowd running in Kubernetes (installed via Helm). Is anyone able to give me step-by-step instructions on getting it running over HTTPS? I have already got a signed certificate to import. 

Thanks in advance.

 

1 answer

0 votes
Tomislav Tobijas
Community Champion
November 7, 2025

Hi @Richard Sylvester,

I never actually did this, but I managed to find the following:

Terminate SSL at the Ingress Controller (might be recommended)

  • The best practice is to terminate SSL at your Kubernetes Ingress (e.g., NGINX, AWS ALB). This means HTTPS is handled at the edge, and traffic inside the cluster is HTTP.

  • Store your signed certificate as a Kubernetes Secret.

  • Configure your Ingress resource to use this Secret for TLS termination.

  • This approach is simpler and easier to maintain.


And if you need HTTPS directly in the Crowd Pod...

Option 1: Pre-Built Java Truststore as a Kubernetes Secret (Recommended)

  • On your workstation, import your signed certificate into a Java keystore:

    keytool -import -trustcacerts -alias mycert -file /path/to/your.crt -keystore keystore.jks -storepass <password>

  • Create a Kubernetes Secret from the keystore:

    kubectl create secret generic crowd-keystore --from-file=keystore.jks=/path/to/keystore.jks -n <namespace>

  • In your Helm values, mount the Secret and set JVM arguments:

    volumes:
      - name: crowd-keystore
        secret:
          secretName: crowd-keystore
    volumeMounts:
      - name: crowd-keystore
        mountPath: /var/opt/crowd-keystore
        readOnly: true
    env:
      - name: JVM_SUPPORT_RECOMMENDED_ARGS
        value: "-Djavax.net.ssl.trustStore=/var/opt/crowd-keystore/keystore.jks -Djavax.net.ssl.trustStorePassword=<password>"

  • Update Crowd’s configuration (e.g., server.xml) to enable HTTPS and point to your keystore.

Option 2: Dynamic Truststore Generation Using an Init Container

  • Store your certificate as a Kubernetes Secret.

  • Use an init container to import the certificate into a new keystore at pod startup.

  • Mount the generated keystore and set JVM arguments as above.

Option 3: Custom Docker Image

  • Build a custom Crowd image with your certificate imported into the Java truststore during the build process.

  • Use this image in your Helm deployment.

But I've never actually executed this. Been a while since I've played with server configs and SSLs (can't say I miss it that much) 😅

Hopefully, someone actually did configure it, so maybe they can provide some additional details.

Cheers,
Tobi
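
The ingress-termination steps from the answer above (certificate stored as a Secret, Ingress referencing it), as an added example that is not part of the original thread or of any Helm chart: it checks that the signed certificate matches its private key and is not about to expire, then creates the TLS Secret and an Ingress. The namespace, Secret name, host, Service name and port, and the `nginx` ingress class are assumptions to replace with your own values.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Assumed names (override via environment):
NS="${NS:-atlassian}"; SECRET="${SECRET:-crowd-tls}"; HOST="${HOST:-crowd.example.com}"
SERVICE="${SERVICE:-crowd}"; PORT="${PORT:-80}"   # Crowd Service and its HTTP port

# True only when the certificate's public key is the one derived from the private key.
cert_matches_key() {  # usage: cert_matches_key CERT_PEM KEY_PEM
  local c k
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# Print an Ingress that terminates TLS with SECRET and forwards plain HTTP to SERVICE.
render_ingress() {  # usage: render_ingress HOST SECRET SERVICE PORT
  cat <<EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: $3-https
spec:
  ingressClassName: nginx   # assumption: an NGINX ingress controller is installed
  tls:
    - hosts: ["$1"]
      secretName: $2
  rules:
    - host: $1
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: $3
                port:
                  number: $4
EOF
}

# CERT_PEM: leaf certificate first, then any intermediate CA certificates.
deploy() {  # usage: deploy CERT_PEM KEY_PEM
  cert_matches_key "$1" "$2" || { echo "certificate and key do not match" >&2; return 1; }
  openssl x509 -in "$1" -noout -checkend 604800 >/dev/null ||
    { echo "certificate expires within 7 days" >&2; return 1; }
  kubectl -n "$NS" create secret tls "$SECRET" --cert="$1" --key="$2" \
    --dry-run=client -o yaml | kubectl -n "$NS" apply -f -
  render_ingress "$HOST" "$SECRET" "$SERVICE" "$PORT" | kubectl -n "$NS" apply -f -
}

if [ "$#" -eq 2 ]; then deploy "$@"; fi
```

Run it as `./crowd-tls.sh fullchain.pem privkey.pem` (file names are placeholders); with no arguments it only defines the functions.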

Deployment type: Server
Version: 7.1.0
Product plan: Standard