
Error message when trying to generate a self-signed certificate to enable SSL with Stash

Pierre Bouchet January 13, 2015

Hello everyone,

I'm trying to follow this guide to enable HTTPS on a dedicated server.

I installed Stash 3.5.1 yesterday using the installer, which created a user named atlstash.

However, this user does not have a directory with its name in /home. When I follow the instructions and run keytool to generate a self-signed certificate, it displays the following error message:

keytool error: java.io.FileNotFoundException: /home/atlstash/.keystore (No such file or directory)

Am I supposed to manually create /home/atlstash?

Best Regards,

Pierre

5 answers

1 accepted

1 vote
Answer accepted
ThiagoBomfim
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 14, 2015

Hi Pierre,

The atlstash account is a locked account (it cannot be used to log in to the system). It doesn't have a home directory intentionally - that doesn't mean the user failed to be created. Please refer to Running the Stash Installer for more details.

Regarding what you first reported, accept my apologies for not having understood your scenario properly on my first reply.

  • The problem is that, since you performed a "$ su - atlstash", if you don't specify the keystore argument when generating the key (as in the default command explained in Securing Stash with Tomcat using SSL), it is going to fail, because the creation of the keystore defaults to the home directory of the user who is generating it (and atlstash doesn't have a home).

  • The solution is to add the keystore parameter to the command we give as an example on Securing Stash with Tomcat using SSL. It has to be somewhere where atlstash has write access. For instance:

    $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /path/to/keystore/stash.jks

    Refer to the keytool document for more details on its options.

  • After that, you will have to get your Tomcat to read this file, just as I posted in my previous answer (the default is to look for that file in the home directory). Make sure you specify where the keystore file (full path) is in conf/server.xml. Add the following attribute to the connector tag you uncommented:

    keystoreFile="/path/to/keystore/stash.jks"

Let me know how you go.

Best regards,
Thiago Bomfim
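
The checks behind the accepted answer, as an added example that is not part of the original thread: it shows where keytool would write when -keystore is omitted, validates an explicit keystore path, and then generates the key pair there. Function names and paths are hypothetical; -genkeypair is the command name shown in keytool's help output, and -genkey is its older alias.

```sh
# Added example (not from the thread). Function names and paths are hypothetical.

# Print the file keytool uses when -keystore is omitted: <home>/.keystore of
# account $1, read from passwd-format file $2 (default /etc/passwd).
# Returns 1 when the account is unknown or its home directory does not exist,
# which is the FileNotFoundException case from the question.
default_keystore_path() {
    home=$(awk -F: -v u="$1" '$1 == u { print $6 }' "${2:-/etc/passwd}")
    [ -n "$home" ] || return 1
    printf '%s/.keystore\n' "$home"
    [ -d "$home" ]
}

# Validate an explicit -keystore target for the current user.
# 0 = usable, 2 = parent directory missing, 3 = parent not writable,
# 4 = file already exists and is readable or writable by group/other.
check_keystore_target() {
    dir=$(dirname "$1")
    [ -d "$dir" ] || return 2
    [ -w "$dir" ] || return 3
    if [ -e "$1" ]; then
        # Characters 5-10 of the ls mode string are the group and other bits.
        [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] || return 4
    fi
    return 0
}

# Generate the key pair at an explicit path. keytool prompts for the passwords
# and the certificate fields. Run this as the account that runs Stash.
generate_keystore() {
    check_keystore_target "$1" || return $?
    # umask in a subshell so the keystore is created owner-only (0600).
    ( umask 077
      "${JAVA_HOME:+$JAVA_HOME/bin/}keytool" -genkeypair -alias tomcat \
          -keyalg RSA -keysize 2048 -keystore "$1" )
}
```

Pass the same absolute path to generate_keystore and to the keystoreFile attribute in conf/server.xml, since the keystore holds the server's private key and Tomcat must read it as the Stash account.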

 

1 vote
Michael Vilain January 16, 2015

I'm trying to do the same thing as Pierre and the documentation doesn't match the keystore help. The -keystore or -keystoreFile arguments to keytool don't work and print out the following:

/var/atlassian/stash/3.5.1/jre/bin/keytool -alias tomcat -keyalg RSA -keystoreFile /home/atlstash/stash.jks
Illegal option: -keystoreFile
Key and Certificate Management Tool

Commands:

-certreq Generates a certificate request
-changealias Changes an entry's alias
-delete Deletes an entry
-exportcert Exports certificate
-genkeypair Generates a key pair
-genseckey Generates a secret key
-gencert Generates certificate from a certificate request
-importcert Imports a certificate or a certificate chain
-importkeystore Imports one or all entries from another keystore
-keypasswd Changes the key password of an entry
-list Lists entries in a keystore
-printcert Prints the content of a certificate
-printcertreq Prints the content of a certificate request
-printcrl Prints the content of a CRL file
-storepasswd Changes the store password of a keystore

Use "keytool -command_name -help" for usage of command_name

And my installation of Stash did create a /home/atlstash directory. The password is "!!" in the CentOS 7 shadow file, so the account is locked, but the directory did get created.

When I "su - atlstash", the directory is there but keytool isn't working as advertised.  Any attempt to pass it any argument results in the error message 

"no command provided"

 

[root@stash atlstash]# su - atlstash
[atlstash@stash ~]$ /var/atlassian/stash/3.5.1/jre/bin/keytool -alias tomcat -keyalg RSA
Usage error: no command provided
Key and Certificate Management Tool

Commands:

-certreq Generates a certificate request
-changealias Changes an entry's alias
-delete Deletes an entry
-exportcert Exports certificate
-genkeypair Generates a key pair
-genseckey Generates a secret key
-gencert Generates certificate from a certificate request
-importcert Imports a certificate or a certificate chain
-importkeystore Imports one or all entries from another keystore
-keypasswd Changes the key password of an entry
-list Lists entries in a keystore
-printcert Prints the content of a certificate
-printcertreq Prints the content of a certificate request
-printcrl Prints the content of a CRL file
-storepasswd Changes the store password of a keystore

Use "keytool -command_name -help" for usage of command_name

Our project to bring Stash on-line is blocked until we can bring it up under SSL.

ThiagoBomfim
Atlassian Team
January 18, 2015

Michael, You seem to be using the wrong argument (or option). Please use "-keystore" and not "-keystoreFile". Let us know how you go.

Michael Vilain January 18, 2015

-keystore gave the same error. And it's not listed as a valid argument either.

ThiagoBomfim
Atlassian Team
January 18, 2015

Additionally, the command line doesn't seem to be complete. As mentioned before, that'd be the right one:

    # $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /path/to/keystore/stash.jks

You are using:

    keytool -alias tomcat -keyalg RSA -keystoreFile /home/atlstash/stash.jks

Could you please review it?

Michael Vilain January 18, 2015

I was able to set $JAVA_HOME to /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el7_0.x86_64/jre, then run $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore stash.jks and the tool created the keystore in my default directory. Now I have to answer the questions right to generate it for the site, then I think I'll be OK. Thanks for the nudge.

1 vote
Pierre Bouchet January 15, 2015

Hi Thiago,

Following your instructions I managed to enable HTTPS. Thanks for the explanations!

Best Regards,

Pierre

ThiagoBomfim
Atlassian Team
January 15, 2015

Don't mention it, Pierre! I am glad you're up to speed now! :-)

0 votes
Pierre Bouchet January 13, 2015

Hi Thiago,

If I understand correctly, this note is for when Tomcat cannot find the keystore while my problem is that keytool itself cannot find the directory to create the keystore in.

Stash is run by the user atlstash. This user was created by the Stash installer. The directory /home/atlstash does not exist. Does this mean that the installer tried to create it and failed, or merely that I'm the one who has to create it?

Pierre

0 votes
ThiagoBomfim
Atlassian Team
January 13, 2015

Hi Pierre,

There is a note at the bottom of the page you linked that should help you:

Can't find the keystore

java.io.FileNotFoundException: /home/user/.keystore (No such file or directory)

This indicates that Tomcat cannot find the keystore. The keytool utility creates the keystore as a file called .keystore in the current user's home directory. For Unix/Linux the home directory is likely to be /home/<username>. For Windows it is likely to be C:\User\<UserName>.

Make sure you are running Stash as the same user who created the keystore. If this is not the case, or if you are running Stash on Windows as a service, you will need to specify where the keystore file is in conf/server.xml. Add the following attribute to the connector tag you uncommented:

 

keystoreFile="<location of keystore file>"

 

Let us know how you go.

Best regards,
Thiago Bomfim
