It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Error message when trying to generate a self-signed certificate to enable SSL with Stash

Pierre Bouchet Jan 13, 2015

Hello everyone,

I'm trying to follow this guide to enable HTTPS on a dedicated server.

I installed Stash 3.5.1 yesterday using the installer, which created a user named atlstash.

However this user does not have a directory with its name in /home. When I follow the instructions and run keytool to generate a self-signed certificate it displays the following error message :

keytool error: java.io.FileNotFoundException: /home/atlstash/.keystore (No such file or directory)

Am I supposed to manually create /home/atlstash?

Best Regards,

Pierre

5 answers

1 accepted

1 vote
Answer accepted
Thiago Bomfim Atlassian Team Jan 14, 2015

Hi Pierre,

The atlstash account is a locked account (it cannot be used to log in to the system). It doesn't have a home directory intentionally - that doesn't mean the user failed to be created. Please refer to Running the Stash Installer for more details.

Regarding what you first reported, accept my apologies for not having understood your scenario properly on my first reply.

  • The problem is that, as you performed a " $ su - atlstash ", and if you don't specify the keystore argument while generating the key as the default command as explained in Securing Stash with Tomcat using SSL it is going to fail because the creation of the keystore defaults to the home directory of the user who is generating it (and atlstash doesn't have a home).

  • The solution is to add the keystore parameter to the command we give as an example on Securing Stash with Tomcat using SSL. It has to be somewhere where atlstash has write access. For instance:

    $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /path/to/keystore/stash.jks

    Refer to the keytool document for more details on its options.

  • After that, you will have to get your Tomcat to read this file just as I posted on my previous answer (the default is to look for that file in the home directory). Make sure you specify where the keystore file (full path) is in conf/server.xml. Add the following attribute to the connector tag you uncommented:

    keystoreFile="/path/to/keystore/stash.jks"

Let me know how you go.

Best regards,
Thiago Bomfim

 

1 vote
Pierre Bouchet Jan 15, 2015

Hi Thiago,

Following your instructions I managed to enable HTTPS. Thanks for the explanations!

Best Regards,

Pierre

Thiago Bomfim Atlassian Team Jan 15, 2015

Don't mention it, Pierre! I am glad you're up to speed now! :-)

1 vote
Michael Vilain Jan 16, 2015

I'm trying to do the same thing as Pierre and the documentation doesn't match the keystore help. The -keystore or -keystoreFile argument to the keytool don't work and print out the following:

/var/atlassian/stash/3.5.1/jre/bin/keytool -alias tomcat -keyalg RSA -keystoreFile /home/atlstash/stash.jks
Illegal option: -keystoreFile
Key and Certificate Management Tool

Commands:

-certreq Generates a certificate request
-changealias Changes an entry's alias
-delete Deletes an entry
-exportcert Exports certificate
-genkeypair Generates a key pair
-genseckey Generates a secret key
-gencert Generates certificate from a certificate request
-importcert Imports a certificate or a certificate chain
-importkeystore Imports one or all entries from another keystore
-keypasswd Changes the key password of an entry
-list Lists entries in a keystore
-printcert Prints the content of a certificate
-printcertreq Prints the content of a certificate request
-printcrl Prints the content of a CRL file
-storepasswd Changes the store password of a keystore

Use "keytool -command_name -help" for usage of command_name

And my installation of stash did create a /home/atlstash directory. The password is "!!" in the Centos 7 shadow file, so the account is locked, but the directory did get created.

When I "su - atlstash", the directory is there but keytool isn't working as advertised.  Any attempt to pass it any argument results in the error message 

"no command provided"

 

[root@stash atlstash]# su - atlstash
[atlstash@stash ~]$ /var/atlassian/stash/3.5.1/jre/bin/keytool -alias tomcat -keyalg RSA
Usage error: no command provided
Key and Certificate Management Tool

Commands:

-certreq Generates a certificate request
-changealias Changes an entry's alias
-delete Deletes an entry
-exportcert Exports certificate
-genkeypair Generates a key pair
-genseckey Generates a secret key
-gencert Generates certificate from a certificate request
-importcert Imports a certificate or a certificate chain
-importkeystore Imports one or all entries from another keystore
-keypasswd Changes the key password of an entry
-list Lists entries in a keystore
-printcert Prints the content of a certificate
-printcertreq Prints the content of a certificate request
-printcrl Prints the content of a CRL file
-storepasswd Changes the store password of a keystore

Use "keytool -command_name -help" for usage of command_name

Our project to bring stash on-line is blocked until we can bring up it up under ssl.

Thiago Bomfim Atlassian Team Jan 18, 2015

Michael, You seem to be using the wrong argument (or option). Please use "-keystore" and not "-keystoreFile". Let us know how you go.

Michael Vilain Jan 18, 2015

-keystore gave the same error. And it's not listed as a valid argument either.

Thiago Bomfim Atlassian Team Jan 18, 2015

Additionally, the command line doesn't seem to be complete. As mentioned before that'd be the right one: # $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /path/to/keystore/stash.jks You are using: keytool -alias tomcat -keyalg RSA -keystoreFile /home/atlstash/stash.jks Could you please review it?

Michael Vilain Jan 18, 2015

I was able to set $JAVA_HOME to /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el7_0.x86_64/jre, then run $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore stash.jks and the tool created the keystore in my default directory. Now I have to answer the questions right to generate it for the site, then I think I'll be OK. Thanks for the nudge.

0 votes
Thiago Bomfim Atlassian Team Jan 13, 2015

Hi Pierre,

There is a note at the bottom of the page you linked that should help you:

Can't find the keystore

java.io.FileNotFoundException: /home/user/.keystore (No such file or directory)

This indicates that Tomcat cannot find the keystore. The keytool utility creates the keystore as a file called .keystore in the current user's home directory. For Unix/Linux the home directory is likely to be /home/<username>. For Windows it is likely to be C:\User\<UserName>.

Make sure you are running Stash as the same user who created the keystore. If this is not the case, or if you are running Stash on Windows as a service, you will need to specify where the keystore file is in conf/server.xml. Add the following attribute to the connector tag you uncommented:

 

keystoreFile="<location of keystore file>"

 

Let us know how you go.

Best regards,
Thiago Bomfim

0 votes
Pierre Bouchet Jan 13, 2015

Hi Thiago,

If I understand correctly, this note is for when Tomcat cannot find the keystore while my problem is that keytool itself cannot find the directory to create the keystore in.

Stash is run by the user atlstash. This user was created by the Stash installer. The directory /home/atlstash does not exist. Does this mean that the installer tried to create it and failed, or merely that I'm the one who has to create it?

Pierre

Suggest an answer

Log in or Sign up to answer
This widget could not be displayed.
This widget could not be displayed.
Community showcase
Published in Bitbucket Pipelines

Building a Bitbucket Pipe as a casual coder

...ipe.sh :  #!/bin/bash source "$(dirname "$0")/common.sh" enable_debug extra_args="" if [[ "${DEBUG}" == "true" ]]; then extra_args="--verbose" fi # mandatory variables R...

3,070 views 1 20
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you