We are Bamboo cloud users and as you know the clock is ticking. I ran the jar based wizard that creates an AWS instance running Bamboo. That went smoothly so A+ on that. My problem is that I can't figure out how to install an existing SSL cert in Bamboo/Tomcat. We own a Thawte wildcard cert and need to use that cert for this server. I see stuff about CSR which sounds like it is for certs that originated from a request from the Bamboo server machine, but the cert I have was obtained in 2015 way before this process so I think I am in a different situation than described in the documentation. I have a p7s file and I also grabbed a crt version of the cert meant for Apache servers because I saw Tomcat used Apache in some capacity and I had hoped that might work. I don't know how to get either of these to work using your documentation or Thawte's Tomcat documentation.
Given that you guys coded Bamboo / JIRA to require a cert that is not self-signed to integrate them and the fact that Tomcat's cert process seems to be much more complicated than other servers, this has turned out to be a very frustrating and costly (hours lost) process for us. I really need someone to help me figure this out or our company's ability to update our software two weeks from now will grind to a halt.
If you have a certificate in PFX format, you can modify server.xml (which is in <bamboo_install_directory>/conf/server.xml) with the following:

    <Connector
        port="8443"
        maxThreads="150" minSpareThreads="25"
        connectionTimeout="20000"
        disableUploadTimeout="true"
        acceptCount="100"
        enableLookups="false"
        maxHttpHeaderSize="8192"
        useBodyEncodingForURI="true"
        URIEncoding="UTF-8"
        keystorePass="xxxxx"
        keystoreType="PKCS12"
        keystoreFile="/path/cert.pfx"
        scheme="https" secure="true" SSLEnabled="true" sslProtocol="TLS"
        clientAuth="false"
    />

Don't focus on Tomcat; install the certificate in Apache, which already fronts Bamboo and is already configured for SSL support. Since you already have a version of your cert meant to work with Apache, it should be as easy as replacing the /etc/apache2/ssl/apache.key and /etc/apache2/ssl/apache.crt files.
Which files do you have atm? p7s is one, what's the other one?
MYDOMAINNAME_com_apache.crt
MYDOMAINNAME_com_ee.crt
MYDOMAINNAME_com.p7s
Those are three files I grabbed off of Thawte's site. I thought to try Apache after I found out Tomcat was "piping" through it. It didn't work but now that I think back maybe I didn't do it right. Can't remember if I followed any instructions or if I just edited the config files using my own assumptions on how it was done. I'm a developer who happens to wear many hats like administering our servers but all that means is I know more than the other people in the office. I'm still pretty much a noob at being a server admin.
Well, you need a public key certificate and it looks like com_apache.crt is what you need. So rename it to apache.crt and put it into /etc/apache2/ssl/apache.crt.
You also need a private key. It's hard to say what's inside p7s. Look here: http://youtube.com/watch?v=TNal4Ke28L8
Maybe the private key is bundled with the cert, then you need to remove the key entry.
There is a utility here http://juliusdavies.ca/commons-ssl/utilities.html that can convert Apache style SSL certs into Java Keystore files (that Tomcat likes). Maybe give that a try? Look for the "KeyStoreBuilder" section.
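Added example, not part of any post above: one way to turn an existing PEM certificate and its private key into the PKCS12 file that the `keystoreFile` connector setting expects, first checking that the two actually belong together. It assumes `openssl` is installed and the private key is available as an unencrypted PEM file; the file names, the `bamboo` alias and the `P12_PASS` variable are hypothetical, and the demo runs on a throwaway self-signed pair generated on the spot.

```shell
#!/bin/sh
# Added example (not from the thread): check that an existing PEM certificate
# belongs to a private key, then bundle both as PKCS#12 for Tomcat.
set -eu

# Returns 0 if the certificate's public key equals the key's public half,
# 1 on mismatch, 2 if either file cannot be parsed.
cert_matches_key() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout) || return 2
  [ "$cert_pub" = "$key_pub" ]
}

# build_pkcs12 CERT KEY OUT
# Refuses mismatched pairs. The keystore password is read from the P12_PASS
# environment variable (assumed name) so it stays off the command line.
# The output is created with owner-only permissions because it holds the key.
build_pkcs12() {
  cert_matches_key "$1" "$2" || { echo "cert/key mismatch or unreadable" >&2; return 1; }
  ( umask 077
    openssl pkcs12 -export -in "$1" -inkey "$2" -name bamboo \
      -out "$3" -passout env:P12_PASS )
}

# Constructed throwaway key and self-signed cert standing in for the real pair.
make_test_pair() {  # make_test_pair KEY_OUT CERT_OUT
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1" -out "$2" \
    -subj "/CN=bamboo.example.invalid" -days 1 2>/dev/null
}

# Demo on constructed material only: build the bundle, then re-open it to
# confirm the password and integrity check pass before pointing Tomcat at it.
demo() {
  dir=$(mktemp -d)
  make_test_pair "$dir/server.key" "$dir/server.crt"
  P12_PASS=constructed-demo-pass; export P12_PASS
  build_pkcs12 "$dir/server.crt" "$dir/server.key" "$dir/cert.pfx"
  openssl pkcs12 -in "$dir/cert.pfx" -passin env:P12_PASS -noout
  echo "built $dir/cert.pfx"
}
demo
```

The password exported as `P12_PASS` is the value that goes into `keystorePass` in the connector, so server.xml should be readable only by the account that runs Bamboo.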