Error message when trying to generate a self-signed certificate to enable SSL with Stash

Hello everyone,

I'm trying to follow this guide to enable HTTPS on a dedicated server.

I installed Stash 3.5.1 yesterday using the installer, which created a user named atlstash.

However, this user does not have a directory with its name in /home. When I follow the instructions and run keytool to generate a self-signed certificate, it displays the following error message:

keytool error: java.io.FileNotFoundException: /home/atlstash/.keystore (No such file or directory)

Am I supposed to manually create /home/atlstash?

Best Regards,

Pierre

5 answers

1 accepted

1 vote

Hi Pierre,

The atlstash account is a locked account (it cannot be used to log in to the system). It doesn't have a home directory intentionally - that doesn't mean the user failed to be created. Please refer to Running the Stash Installer for more details.

Regarding what you first reported, accept my apologies for not having understood your scenario properly on my first reply.

  • The problem is that you performed a "$ su - atlstash", and if you don't specify the keystore argument when generating the key (as in the default command explained in Securing Stash with Tomcat using SSL), it is going to fail, because the creation of the keystore defaults to the home directory of the user who is generating it (and atlstash doesn't have a home).

  • The solution is to add the keystore parameter to the command we give as an example on Securing Stash with Tomcat using SSL. It has to be somewhere where atlstash has write access. For instance:

    $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /path/to/keystore/stash.jks

    Refer to the keytool document for more details on its options.

  • After that, you will have to get your Tomcat to read this file, just as I posted in my previous answer (the default is to look for that file in the home directory). Make sure you specify where the keystore file (full path) is in conf/server.xml. Add the following attribute to the connector tag you uncommented:

    keystoreFile="/path/to/keystore/stash.jks"

Let me know how you go.

Best regards,
Thiago Bomfim
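
The two failure points in this answer (keytool cannot create the keystore, Tomcat cannot find it) can be checked before restarting Stash. The script below is an added example, not part of the original thread or Atlassian's documentation; the function names are hypothetical, the paths are placeholders, and the chmod 600 step is an added hardening assumption because the keystore holds the server's private key.

```shell
#!/bin/sh
# Added example (not Atlassian's code). All paths passed in are placeholders.

# Print the first keystoreFile="..." value found in a Tomcat server.xml ($1).
# Line-based: it does not skip attributes that sit inside an XML comment.
keystore_from_server_xml() {
    sed -n 's/.*keystoreFile="\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Can the current user create a keystore at $1?
# 1 = parent directory missing (the FileNotFoundException case), 2 = not writable.
can_create_keystore() {
    dir=$(dirname "$1")
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 1; }
    [ -w "$dir" ] || { echo "no write access: $dir" >&2; return 2; }
}

# Is keystore $1 readable by us and closed to group/other (mode ends in 00)?
# 1 = unreadable, 2 = permissions too open.
keystore_is_private() {
    [ -r "$1" ] || { echo "cannot read: $1" >&2; return 1; }
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    case "$mode" in
        *00) return 0 ;;
        *)   echo "mode $mode is too open: $1" >&2; return 2 ;;
    esac
}

# Generate the key pair with the command from the answer, after the path check,
# then restrict the file. keytool prompts for passwords and certificate fields.
generate_keystore() {
    can_create_keystore "$1" || return
    "$JAVA_HOME/bin/keytool" -genkey -alias tomcat -keyalg RSA -keystore "$1" &&
        chmod 600 "$1"
}

# Check the keystore Tomcat is configured to load ($1 = conf/server.xml).
# 3 = no keystoreFile attribute, so Tomcat falls back to ~/.keystore of the
# user running it; otherwise the result of keystore_is_private.
check_tomcat_keystore() {
    ks=$(keystore_from_server_xml "$1")
    [ -n "$ks" ] || { echo "no keystoreFile in $1" >&2; return 3; }
    keystore_is_private "$ks"
}
```

Run generate_keystore and check_tomcat_keystore as the user that runs Stash (atlstash here), since both the write check and the read check depend on that account's permissions.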

 

Hi Thiago,

Following your instructions I managed to enable HTTPS. Thanks for the explanations!

Best Regards,

Pierre

Don't mention it, Pierre! I am glad you're up to speed now! :-)

I'm trying to do the same thing as Pierre and the documentation doesn't match the keystore help. The -keystore or -keystoreFile arguments to keytool don't work and print out the following:

/var/atlassian/stash/3.5.1/jre/bin/keytool -alias tomcat -keyalg RSA -keystoreFile /home/atlstash/stash.jks
Illegal option: -keystoreFile
Key and Certificate Management Tool

Commands:

-certreq Generates a certificate request
-changealias Changes an entry's alias
-delete Deletes an entry
-exportcert Exports certificate
-genkeypair Generates a key pair
-genseckey Generates a secret key
-gencert Generates certificate from a certificate request
-importcert Imports a certificate or a certificate chain
-importkeystore Imports one or all entries from another keystore
-keypasswd Changes the key password of an entry
-list Lists entries in a keystore
-printcert Prints the content of a certificate
-printcertreq Prints the content of a certificate request
-printcrl Prints the content of a CRL file
-storepasswd Changes the store password of a keystore

Use "keytool -command_name -help" for usage of command_name

And my installation of stash did create a /home/atlstash directory. The password is "!!" in the Centos 7 shadow file, so the account is locked, but the directory did get created.

When I "su - atlstash", the directory is there but keytool isn't working as advertised.  Any attempt to pass it any argument results in the error message 

"no command provided"

 

[root@stash atlstash]# su - atlstash
[atlstash@stash ~]$ /var/atlassian/stash/3.5.1/jre/bin/keytool -alias tomcat -keyalg RSA
Usage error: no command provided
Key and Certificate Management Tool

Commands:

-certreq Generates a certificate request
-changealias Changes an entry's alias
-delete Deletes an entry
-exportcert Exports certificate
-genkeypair Generates a key pair
-genseckey Generates a secret key
-gencert Generates certificate from a certificate request
-importcert Imports a certificate or a certificate chain
-importkeystore Imports one or all entries from another keystore
-keypasswd Changes the key password of an entry
-list Lists entries in a keystore
-printcert Prints the content of a certificate
-printcertreq Prints the content of a certificate request
-printcrl Prints the content of a CRL file
-storepasswd Changes the store password of a keystore

Use "keytool -command_name -help" for usage of command_name

Our project to bring stash on-line is blocked until we can bring it up under ssl.

Michael, You seem to be using the wrong argument (or option). Please use "-keystore" and not "-keystoreFile". Let us know how you go.

-keystore gave the same error. And it's not listed as a valid argument either.

Additionally, the command line doesn't seem to be complete. As mentioned before that'd be the right one:

    $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /path/to/keystore/stash.jks

You are using:

    keytool -alias tomcat -keyalg RSA -keystoreFile /home/atlstash/stash.jks

Could you please review it?

I was able to set $JAVA_HOME to /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el7_0.x86_64/jre, then run $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore stash.jks and the tool created the keystore in my default directory. Now I have to answer the questions right to generate it for the site, then I think I'll be OK. Thanks for the nudge.

0 vote

Hi Pierre,

There is a note at the bottom of the page you linked that should help you:

Can't find the keystore

java.io.FileNotFoundException: /home/user/.keystore (No such file or directory)

This indicates that Tomcat cannot find the keystore. The keytool utility creates the keystore as a file called .keystore in the current user's home directory. For Unix/Linux the home directory is likely to be /home/<username>. For Windows it is likely to be C:\User\<UserName>.

Make sure you are running Stash as the same user who created the keystore. If this is not the case, or if you are running Stash on Windows as a service, you will need to specify where the keystore file is in conf/server.xml. Add the following attribute to the connector tag you uncommented:

    keystoreFile="<location of keystore file>"

Let us know how you go.

Best regards,
Thiago Bomfim

Hi Thiago,

If I understand correctly, this note is for when Tomcat cannot find the keystore while my problem is that keytool itself cannot find the directory to create the keystore in.

Stash is run by the user atlstash. This user was created by the Stash installer. The directory /home/atlstash does not exist. Does this mean that the installer tried to create it and failed, or merely that I'm the one who has to create it?

Pierre
