1. Open command prompt as administrator
2. Create Jira-Key-Store file + add new key to it by Running the following command:
\jre\bin\keytool -keystore "" -alias -storepass "new-password-for-new-key" -deststoretype pkcs12 -genkeypair -keyalg RSA -validity 395 -keysize 2048 -sigalg SHA256withRSA -ext "SAN=IP:,DNS:,DNS:"
Example:
>E:\Atlassian\JIRA\jre\bin\keytool -keystore "E:\Atlassian\JIRA\Jira.jks" -alias "Jira" -storepass "F@bM12024" -deststoretype pkcs12 -genkeypair -keyalg RSA -validity 395 -keysize 2048 -sigalg SHA256withRSA -ext "SAN=IP:10.30.2.76,DNS:npuatjira,DNS:npuatjira.np.com"
then it'll ask a few questions
Ensure that you typed the First & last name (CN) same as previous FQDN
3. Create certificate request file (.csr):
\jre\bin\keytool -certreq -alias "" -keystore "<.jks-file-path>" -storepass "" -ext "SAN=IP:,DNS:,DNS:" -file "<where-to-save-.csr-file"
Example:
>E:\Atlassian\JIRA\jre\bin\keytool -certreq -alias "Jira" -keystore "E:\Atlassian\JIRA\Jira.jks" -storepass "F@bM12024" -ext "SAN=IP:10.30.2.76,DNS:npuatjira,DNS:npuatjira.np.com" -file "E:\Atlassian\JIRA\NPJIRA.csr"
4. Send .csr file to system admin in order to send us back the new generated certificate .cer
5. Generate root certificate (Root.cer) from the new generated certificate
6. Install the new generated certificate on Jira machine
7. Install root certificate (Root.cer) on Jira machine
8. Import 2 certificates (add certificates to keystore):
\jre\bin\keytool -import -alias root -keystore "<.jks-file-path>" -trustcacerts -file ""
\jre\bin\keytool -import -alias "" -keystore "<.jks-file-path>" -trustcacerts -file ""
Example:
>E:\Atlassian\JIRA\jre\bin\keytool -import -alias root -keystore "E:\Atlassian\JIRA\Jira.jks" -trustcacerts -file "C:\root.cer"
>E:\Atlassian\JIRA\jre\bin\keytool -import -alias "Jira" -keystore "E:\Atlassian\JIRA\Jira.jks" -trustcacerts -file "C:\certnew.cer"
9. Add SSL info to Jira configuration by Modifying server.xml file at path (<Jira-installation-directory>\JIRA\conf\)
" relaxedPathChars="[]|" protocol="org.apache.coyote.http11.Http11NioProtocol" minSpareThreads="25" maxThreads="150" maxSpareThreads="75" maxHttpHeaderSize="8192" keystoreType="JKS" keystorePass="" keystoreFile="<.jks-file-path>" keyAlias="" enableLookups="false" disableUploadTimeout="true" connectionTimeout="20000" clientAuth="false" acceptCount="100" SSLEnabled="true"/>
Example:
" relaxedPathChars="[]|" protocol="org.apache.coyote.http11.Http11NioProtocol" minSpareThreads="25" maxThreads="150" maxSpareThreads="75" maxHttpHeaderSize="8192" keystoreType="JKS" keystorePass="F@bM12024" keystoreFile="E:\Atlassian\JIRA\Jira.jks" keyAlias="Jira" enableLookups="false" disableUploadTimeout="true" connectionTimeout="20000" clientAuth="false" acceptCount="100" SSLEnabled="true"/>
10. Restart Jira service
11. Open Jira URL with https & new port 443
Example:
12. Update Jira baseURL to the new URL
13. Ensure that all is OK by:
1- Confirm that Jira URL is opening
2- Confirm that no errors appeared while opening new URL
3- Confirm that no errors appeared while logging to Jira
