It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How to Install SSL Certificate fro BitBucket Edited

Need to install SSL certificate for Bitbucket. I have certificate.

3 answers

0 votes
nic Community Leader Oct 25, 2017

Do you mean you want to run Bitbucket with SSL? 

Or that you need it to use a certificate to reach something?

I need to run BitBucket URL with SSL certificate.

Client has given SSL Certificate fro bitbucket. Dont know how to install on BitBucket. Any Pointers?

nic Community Leader Oct 25, 2017

Not yet because you have not told me if you are trying to run Bitbucket over SSL, or you are trying to connect your Bitbucket to something that is SSL secured.

Request is - Install SSL certificate for BitBucket. 

BitBucket  URL is - http://localhost:7990/admin/db

We have to make https://<ip>:7990.

nic Community Leader Oct 25, 2017

>Install SSL certificate for BitBucket. 

That still does not answer the question, but the next bit finally does.

Next question - do you want to make Bitbucket run itself over https, or do you want to put it behind a proxy that does all the SSL for you?

Want to make Bitbucket run itself over https

Private key password will be given by agency only who created the certificate? and where to install it?

Hey @Maxxazo,

I am working on the same issue. If your trying to be all Atlassian about the set up like I am this link will help you.


Else you can install NGINX or Apache and proxy the connection through either one of them. 

If I remember when I am done with my setup I will post what I did.

Have you installed...Mine certificate is .P12.

Adding Properties on Bit.bucket properties

server.ssl.key-store-password=<password value>
server.ssl.key-password=<password value>

What should i do with Certificate of .P12... 

Key-Store - refers certificate where it is kept in directory.

key-store-password -?


Please let know.....

Hey @Maxxazo

This stack overflow post should help you out a lot. It saved my day. Stackoverflow certificate not X.509

BTW you make the password for your keystore. Make sure your are set to read your custom alias. 

openssl pkcs12 -export \
-name \
-in ~/bitbucket_quckers_com/bitbucket_quckers_com.crt \
-inkey ~/bitbucket.key \
-out ~/tomcat/keystore.p12

sudo /opt/atlassian/bitbucket/5.4.1/jre/bin/keytool -importkeystore \
-destkeystore ~/tomcat/ssl-keystore.jks \
-srckeystore ~/tomcat/keystore.p12 \
-srcstoretype pkcs12 \


server.ssl.enabled=true # See same alias that is specified in the last command stated above.
server.ssl.key-store=/var/atlassian/application-data/bitbucket/shared/config/ssl-keystore.jks # If you leave off the .jks bitbucket has that path set by default. 
server.ssl.key-store-password=lk # password set in process above.
server.ssl.key-password=lkj # password set in process above.

If you follow the docs from here you should be good.

@Maxxazo Side note please don't post 50,000 times in a row to fill up my mail box with notifications. Have some respect, were all busy. 

Is there any error in below server.port=80 server.ssl.enabled=true server.require-ssl=true server.ssl.key-store=D:/Atlassian/ApplicationData/Bitbucket/shared/config/ssl-keystore/<cert name>

server.ssl.key-store-password=changeit server.ssl.key-store-type=pkcs12 server.ssl.key-password=given server.ssl.client-auth=need

Key-store-password and key-password are given certificate owner?

nic Community Leader Oct 30, 2017

No, you need to give the password for the keystore, not the certificate.

0 votes
nic Community Leader Oct 26, 2017

Ok, it seems you're quite confused here.

If you are trying to run Bitbucket over https, and without a proxy, then Ethan's answer is what you need.

However, you've been given a .p12 certificate which is usually a client certificate for connecting to other systems, not for running a server with https.  I'd be very surprised if your .p12 contains a server certificate.

Any Pointers...what should I do for .p12 certificate??

nic Community Leader Oct 26, 2017

You could try converting it, as per Ethan's post, but if it's a client certificate, it's going to be useless to you.

Yeaahhh issue resolved....secured URL!!

Failed to connect to repository : Command "c:\program files \git\bin\git.exe Is remote -h ssh:// HEAD" returned status code 128:stdout
stderr: ssh:connect to host port 7999:Connection refused fatal: Could not read from remote repository.

Please make sure you have right access and repository exists.

Any pointers...why this happened?

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Bitbucket Pipelines

Building a Bitbucket Pipe as a casual coder :  #!/bin/bash source "$(dirname "$0")/" enable_debug extra_args="" if [[ "${DEBUG}" == "true" ]]; then extra_args="--verbose" fi # mandatory variables R...

4,088 views 4 22
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you