How do I install an existing SSL cert in Bamboo

We are Bamboo cloud users and as you know the clock is ticking.  I ran the jar based wizard that creates an AWS instance running Bamboo.  That went smooth so A+ on that.  My problem is that I can't figure out how to install an existing SSL cert in Bamboo/Tomcat.  We own a Thawte wildcard cert and need to use that cert for this server.  I see stuff about CSR which sounds like it is for certs that originated from a request from the Bamboo server machine, but the cert I have was obtained in 2015 way before this process so I think I am in a different situation than described in the documentation.  I have a p7s file and I also grabbed a crt version of the cert meant for Apache servers because I saw Tomcat used Apache in some capacity and I had hoped that might work.  I don't know how to get either of these to work using your documentation or Thawte's Tomcat documentation.

Given that you guys coded Bamboo / JIRA to require a cert that is not self-signed to integrate them and the fact that Tomcat's cert process seems to be much more complicated than other servers, this has turned out to be a very frustrating and costly (hours lost) process for us.  I really need someone to help me figure this out or our company's ability to update our software two weeks from now will grind to a halt.

3 answers

If you have a certificate in PFX format, you can modify server.xml (which is in <bamboo_install_directory>/conf/server.xml) with the following:

<Connector
    port="8443"
    maxThreads="150" minSpareThreads="25"
    connectionTimeout="20000"
    disableUploadTimeout="true"
    acceptCount="100"
    enableLookups="false"
    maxHttpHeaderSize="8192"
    useBodyEncodingForURI="true"
    URIEncoding="UTF-8"
    keystorePass="xxxxx"
    keystoreType="PKCS12"
    keystoreFile="/path/cert.pfx"
    scheme="https" secure="true" SSLEnabled="true" sslProtocol="TLS"
    clientAuth="false"
/>

0 votes
Przemek Bruski
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Jan 18, 2017

Don't focus on Tomcat, install the certificate in Apache, which already fronts Bamboo and is already configured for SSL support. Since you already have a version of your cert meant to work with Apache, it should be as easy as replacing /etc/apache2/ssl/apache.key and /etc/apache2/ssl/apache.crt files.

Which files do you have atm? p7s is one, what's the other one?

MYDOMAINNAME_com_apache.crt
MYDOMAINNAME_com_ee.crt 
MYDOMAINNAME_com.p7s

Those are three files I grabbed off of Thawte's site.  I thought to try Apache after I found out Tomcat was "piping" through it.  It didn't work but now that I think back maybe I didn't do it right.  Can't remember if I followed any instructions or if I just edited the config files using my own assumptions on how it was done.  I'm a developer who happens to wear many hats like administering our servers but all that means is I know more than the other people in the office.  I'm still pretty much a noob at being a server admin.

Przemek Bruski
Atlassian Team
Jan 18, 2017

Well, you need a public key certificate and it looks like com_apache.crt is what you need. So rename it to apache.crt and put it into /etc/apache2/ssl/apache.crt.

You also need a private key. It's hard to say what's inside p7s. Look here: http://youtube.com/watch?v=TNal4Ke28L8 

Maybe the private key is bundled with the cert, then you need to remove the key entry.

0 votes
G__Sylvie_Davies__bit-booster_com_
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Jan 17, 2017

There is a utility here http://juliusdavies.ca/commons-ssl/utilities.html that can convert Apache style SSL certs into Java Keystore files (that Tomcat likes).   Maybe give that a try?  Look for the "KeyStoreBuilder" section.
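
The steps discussed in the answers above (checking what the .p7s contains, confirming the private key matches the certificate, and building the PKCS12 file that keystoreType="PKCS12" points at), as an added example using the openssl CLI; it is not from the original posts. The key and certificate are generated on the spot as constructed sample input, and the file names, alias and password are placeholders.

```shell
#!/usr/bin/env bash
# Added example. File names, the alias and the password are placeholders.
set -eu

# Constructed sample input: a throwaway self-signed key/cert pair, plus a
# PKCS#7 bundle standing in for the CA's .p7s download.
make_sample() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=*.example.com" \
    -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
  openssl crl2pkcs7 -nocrl -certfile "$1/server.crt" -out "$1/bundle.p7s"
}

# SHA-256 of the public key, taken from a certificate or from a private key.
sha256_hex() { openssl dgst -sha256 -r | cut -d' ' -f1; }
cert_pubkey_hash() { openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER | sha256_hex; }
key_pubkey_hash() { openssl pkey -in "$1" -pubout -outform DER | sha256_hex; }

# True only when the private key belongs to the certificate (RSA or EC).
key_matches_cert() { [ "$(cert_pubkey_hash "$1")" = "$(key_pubkey_hash "$2")" ]; }

# PKCS#7 holds certificates only; this counts private keys in one (expect 0).
# Add "-inform DER" if the CA delivered the bundle in binary form.
p7_private_key_count() {
  openssl pkcs7 -in "$1" -print_certs | grep -c 'PRIVATE KEY' || true
}

# Build the keystore for keystoreType="PKCS12": cert, key, chain, out, password.
build_pfx() {
  key_matches_cert "$1" "$2" || { echo "key does not match cert" >&2; return 1; }
  openssl pkcs12 -export -in "$1" -inkey "$2" -certfile "$3" -name tomcat \
    -out "$4" -passout "pass:$5"
}

# Public-key hash of the leaf certificate stored inside the keystore.
pfx_cert_hash() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null \
    | openssl x509 -noout -pubkey | openssl pkey -pubin -outform DER | sha256_hex
}

work=$(mktemp -d)
make_sample "$work"
openssl pkcs7 -in "$work/bundle.p7s" -print_certs -out "$work/chain.pem"
build_pfx "$work/server.crt" "$work/server.key" "$work/chain.pem" "$work/cert.pfx" changeit
chmod 600 "$work/cert.pfx" "$work/server.key"   # both files contain the private key
echo "keystore: $work/cert.pfx, private keys in p7s: $(p7_private_key_count "$work/bundle.p7s")"
```

On a real host, pass the keystore password with openssl's `env:` or `file:` form rather than `pass:`, which is visible in the process list.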
