It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

SSL Config: PKCS12 keystore works for JIRA/Confluence, but not for Bitbucket Edited


after some trials I've got JIRA and Confluence running with a PKCS12 keystore. However, Bitbucket does not want to play ball.

The JIRA/Confluence config in server.xml is:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxHttpHeaderSize="8192" SSLEnabled="true"
maxThreads="150" minSpareThreads="25"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" useBodyEncodingForURI="true"
keystoreType="PKCS12" keystoreFile="/etc/ssl/atl_rl.pfx"
keystorePass="(mypass)" />

The Bitbucket config I've gotten furthest with thus far is:


The PKCS12 store is secured using the password. The keys within do not have passwords.

This leads to a startup error:

2017-07-06 16:48:34,606 ERROR [main]  o.a.coyote.http11.Http11NioProtocol Failed to start end point associated with ProtocolHandler ["https-jsse-nio-8445"]
java.lang.IllegalArgumentException: Get Key failed: Given final block not properly padded

Any help appreciated.

Edit: Versions: atlassian-jira-software-7.3.6-x64.bin, atlassian-confluence-6.2.0-x64.bin, atlassian-bitbucket-5.0.1-x64.bin

2 answers

"Fixed" by converting the keystore to a JKS, and applying the same password to the key within as for the entire key store (using Portecle).

There is a key-alias in the pfx which is needed.

To read it out you use the keytool.


c:\Atlassian\Bitbucket\5.4.1\jre\bin\keytool.exe -list -keystore d:\bitbucket_data\shared\ssl.pfx -storetype PKCS12


The output example:

Your keystore contains 1 entry


le-webserverexportable-bacc585a-1d2b-4702-92f2-78dbcbf4edf7, 12.10.2017, Private


Certificate fingerprint (SHA1): 50:07:CC:EF:F2:C3:14:D8:D2:DF:8A:37:BF:C5:6E:E7:07:D8:11:7B


The alias will be: le-webserverexportable-bacc585a-1d2b-4702-92f2-78dbcbf4edf7


The config:




And I had to use the pfx password for the store and the key:





Then it worked.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted in Bitbucket

Share your software development horror stories!

Hey Community! I work on the Bitbucket product marketing team. With Halloween approaching, we wanted to discuss a topic tailor-made for October: development horror stories. Whether it was a lurk...

590 views 6 2
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you