Running Jira applications over SSL or HTTPS

Mohammad_Mishrif October 29, 2024

1. Open command prompt as administrator

2. Create Jira-Key-Store file + add new key to it by Running the following command:

\jre\bin\keytool -keystore "" -alias  -storepass "new-password-for-new-key" -deststoretype pkcs12 -genkeypair -keyalg RSA -validity 395 -keysize 2048 -sigalg SHA256withRSA -ext "SAN=IP:,DNS:,DNS:"

Example:

>E:\Atlassian\JIRA\jre\bin\keytool -keystore "E:\Atlassian\JIRA\Jira.jks" -alias "Jira" -storepass "F@bM12024" -deststoretype pkcs12 -genkeypair -keyalg RSA -validity 395 -keysize 2048 -sigalg SHA256withRSA -ext "SAN=IP:10.30.2.76,DNS:npuatjira,DNS:npuatjira.np.com"

then it'll ask a few questions

Ensure that you typed the First & last name (CN) same as previous FQDN

 

3. Create certificate request file (.csr):

\jre\bin\keytool -certreq -alias "" -keystore "<.jks-file-path>" -storepass "" -ext "SAN=IP:,DNS:,DNS:" -file "<where-to-save-.csr-file"

Example:

>E:\Atlassian\JIRA\jre\bin\keytool -certreq -alias "Jira" -keystore "E:\Atlassian\JIRA\Jira.jks" -storepass "F@bM12024" -ext "SAN=IP:10.30.2.76,DNS:npuatjira,DNS:npuatjira.np.com" -file "E:\Atlassian\JIRA\NPJIRA.csr"

 

4. Send .csr file to system admin in order to send us back the new generated certificate .cer

5. Generate root certificate (Root.cer) from the new generated certificate

6. Install the new generated certificate on Jira machine

7. Install root certificate (Root.cer) on Jira machine

8. Import 2 certificates (add certificates to keystore):

\jre\bin\keytool -import -alias root -keystore "<.jks-file-path>" -trustcacerts -file ""
\jre\bin\keytool -import -alias "" -keystore "<.jks-file-path>" -trustcacerts -file ""

Example:

>E:\Atlassian\JIRA\jre\bin\keytool -import -alias root -keystore "E:\Atlassian\JIRA\Jira.jks" -trustcacerts -file "C:\root.cer"
>E:\Atlassian\JIRA\jre\bin\keytool -import -alias "Jira" -keystore "E:\Atlassian\JIRA\Jira.jks" -trustcacerts -file "C:\certnew.cer"

 

9. Add SSL info to Jira configuration by Modifying server.xml file at path (<Jira-installation-directory>\JIRA\conf\)

" relaxedPathChars="[]|" protocol="org.apache.coyote.http11.Http11NioProtocol" minSpareThreads="25" maxThreads="150" maxSpareThreads="75" maxHttpHeaderSize="8192" keystoreType="JKS" keystorePass="" keystoreFile="<.jks-file-path>" keyAlias="" enableLookups="false" disableUploadTimeout="true" connectionTimeout="20000" clientAuth="false" acceptCount="100" SSLEnabled="true"/>

Example:

" relaxedPathChars="[]|" protocol="org.apache.coyote.http11.Http11NioProtocol" minSpareThreads="25" maxThreads="150" maxSpareThreads="75" maxHttpHeaderSize="8192" keystoreType="JKS" keystorePass="F@bM12024" keystoreFile="E:\Atlassian\JIRA\Jira.jks" keyAlias="Jira" enableLookups="false" disableUploadTimeout="true" connectionTimeout="20000" clientAuth="false" acceptCount="100" SSLEnabled="true"/>

 

10. Restart Jira service

11. Open Jira URL with https & new port 443

https://<jira-site>:443

Example:

https://jira.com:443

 

12. Update Jira baseURL to the new URL

13. Ensure that all is OK by:

1- Confirm that Jira URL is opening

2- Confirm that no errors appeared while opening new URL

3- Confirm that no errors appeared while logging to Jira

 

 

 

 

0 answers

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events