How to Install SSL Certificate fro BitBucket Edited

Need to install SSL certificate for Bitbucket. I have certificate.

3 answers

0 votes

Do you mean you want to run Bitbucket with SSL? 

Or that you need it to use a certificate to reach something?

I need to run BitBucket URL with SSL certificate.

Client has given SSL Certificate fro bitbucket. Dont know how to install on BitBucket. Any Pointers?

Not yet because you have not told me if you are trying to run Bitbucket over SSL, or you are trying to connect your Bitbucket to something that is SSL secured.

Request is - Install SSL certificate for BitBucket. 

BitBucket  URL is - http://localhost:7990/admin/db

We have to make https://<ip>:7990.

>Install SSL certificate for BitBucket. 

That still does not answer the question, but the next bit finally does.

Next question - do you want to make Bitbucket run itself over https, or do you want to put it behind a proxy that does all the SSL for you?

Want to make Bitbucket run itself over https

Private key password will be given by agency only who created the certificate? and where to install it?

0 votes

Hey @Maxxazo,

I am working on the same issue. If your trying to be all Atlassian about the set up like I am this link will help you.

https://confluence.atlassian.com/bitbucketserver/securing-bitbucket-server-with-tomcat-using-ssl-776640127.html?_ga=2.150788850.571518988.1508786404-121847653.1500571238

 

Else you can install NGINX or Apache and proxy the connection through either one of them. 

If I remember when I am done with my setup I will post what I did.

Have you installed...Mine certificate is .P12.

Adding Properties on Bit.bucket properties

server.port=8443
server.ssl.enabled=true
server.ssl.key-store=/path/to/keystore/bitbucket.jks
server.ssl.key-store-password=<password value>
server.ssl.key-password=<password value>

What should i do with Certificate of .P12... 

Key-Store - refers certificate where it is kept in directory.

key-store-password -?

key-password-?

Please let know.....

Hey @Maxxazo

This stack overflow post should help you out a lot. It saved my day. Stackoverflow certificate not X.509

BTW you make the password for your keystore. Make sure your bitbucket.properties are set to read your custom alias. 

openssl pkcs12 -export \
-name bitbucket.quckers.com \
-in ~/bitbucket_quckers_com/bitbucket_quckers_com.crt \
-inkey ~/bitbucket.key \
-out ~/tomcat/keystore.p12

sudo /opt/atlassian/bitbucket/5.4.1/jre/bin/keytool -importkeystore \
-destkeystore ~/tomcat/ssl-keystore.jks \
-srckeystore ~/tomcat/keystore.p12 \
-srcstoretype pkcs12 \
-alias bitbucket.quckers.com

 

server.ssl.enabled=true
server.ssl.key-alias=bitbucket.quackers.com # See same alias that is specified in the last command stated above.
server.ssl.key-store=/var/atlassian/application-data/bitbucket/shared/config/ssl-keystore.jks # If you leave off the .jks bitbucket has that path set by default. 
server.ssl.key-store-password=lk # password set in process above.
server.ssl.key-password=lkj # password set in process above.

If you follow the docs from here you should be good.

@Maxxazo Side note please don't post 50,000 times in a row to fill up my mail box with notifications. Have some respect, were all busy. 

Is there any error in below bitbucket.properties? server.port=80 server.ssl.enabled=true server.require-ssl=true server.secure=true server.ssl.key-store=D:/Atlassian/ApplicationData/Bitbucket/shared/config/ssl-keystore/<cert name>

server.ssl.key-store-password=changeit server.ssl.key-store-type=pkcs12 server.ssl.key-password=given server.ssl.client-auth=need

Key-store-password and key-password are given certificate owner?

No, you need to give the password for the keystore, not the certificate.

0 votes

Ok, it seems you're quite confused here.

If you are trying to run Bitbucket over https, and without a proxy, then Ethan's answer is what you need.

However, you've been given a .p12 certificate which is usually a client certificate for connecting to other systems, not for running a server with https.  I'd be very surprised if your .p12 contains a server certificate.

Any Pointers...what should I do for .p12 certificate??

You could try converting it, as per Ethan's post, but if it's a client certificate, it's going to be useless to you.

Yeaahhh issue resolved....secured URL!!

Failed to connect to repository : Command "c:\program files \git\bin\git.exe Is remote -h ssh://git@git.vehraius.com:7999/dmp/hybris.git HEAD" returned status code 128:stdout
stderr: ssh:connect to host git.vahraius.com port 7999:Connection refused fatal: Could not read from remote repository.

Please make sure you have right access and repository exists.

Any pointers...why this happened?

Suggest an answer

Log in or Join to answer
Community showcase
Piotr Plewa
Published Dec 27, 2017 in Bitbucket

Recipe: Deploying AWS Lambda functions with Bitbucket Pipelines

Bitbucket Pipelines helps me manage and automate a number of serverless deployments to AWS Lambda and this is how I do it. I'm building Node.js Lambda functions using node-lambda&nbsp...

663 views 0 4
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot