SSL Update

Hi all, 

I have put an SSL certificate on Stash ( *.<domain> ) etc. But now I would like to update it and I can't do it. I have tried every tutorial that I can find and still nothing. Can you guys give me some hints on using keytool? Stash is hosted on Linux CentOS 6.5. When I do the keytool import etc., changing the alias and all that. I even removed the keystore.jks and created a new one, but still nothing. So I have the new cert files ( .crt .csr .key ) but can't find a way to import them.

Can you guys give me some hints or a tutorial on how to import it?

 

ps aux |grep -i java
502       1574  0.5 22.8 4193984 1834456 ?     Sl   Oct19 411:07 /opt/atlassian/confluence/jre//bin/java -Djava.util.logging.config.file=/opt/atlassian/confluence/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -XX:-UseAESIntrinsics -Xms1024m -Xmx1024m -XX:+UseG1GC -Djava.awt.headless=true -Xloggc:/opt/atlassian/confluence/logs/gc-2015-10-19_05-34-30.log -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=5 -XX:GCLogFileSize=2M -XX:-PrintGCDetails -XX:+PrintGCTimeStamps -XX:-PrintTenuringDistribution -Djava.endorsed.dirs=/opt/atlassian/confluence/endorsed -classpath /opt/atlassian/confluence/bin/bootstrap.jar:/opt/atlassian/confluence/bin/tomcat-juli.jar -Dcatalina.base=/opt/atlassian/confluence -Dcatalina.home=/opt/atlassian/confluence -Djava.io.tmpdir=/opt/atlassian/confluence/temp org.apache.catalina.startup.Bootstrap start
jira      1640  0.4 27.7 5105808 2224480 ?     Sl   Oct19 321:28 /opt/atlassian/jira/jre//bin/java -Djava.util.logging.config.file=/opt/atlassian/jira/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -XX:MaxPermSize=384m -Xms384m -Xmx2048m -Djava.awt.headless=true -Datlassian.standalone=JIRA -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dmail.mime.decodeparameters=true -Dorg.dom4j.factory=com.atlassian.core.xml.InterningDocumentFactory -Datlassian.plugins.enable.wait=300 -XX:+PrintGCDateStamps -XX:-OmitStackTraceInFastThrow -Djava.endorsed.dirs=/opt/atlassian/jira/endorsed -classpath /opt/atlassian/jira/bin/bootstrap.jar:/opt/atlassian/jira/bin/tomcat-juli.jar -Dcatalina.base=/opt/atlassian/jira -Dcatalina.home=/opt/atlassian/jira -Djava.io.tmpdir=/opt/atlassian/jira/temp org.apache.catalina.startup.Bootstrap start
atlstash 17806  1.0 14.4 3905076 1162364 ?     Sl   Dec09  18:52 /opt/atlassian/stash/3.11.2/jre/bin/java -Djava.util.logging.config.file=/opt/atlassian/stash/3.11.2/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -XX:MaxPermSize=256m -Xms512m -Xmx768m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Datlassian.standalone=STASH -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dmail.mime.decodeparameters=true -Dorg.apache.catalina.connector.Response.ENFORCE_ENCODING_IN_GET_WRITER=false -Djava.library.path=/opt/atlassian/stash/3.11.2/lib/native:/var/atlassian/application-data/stash/lib/native -Dstash.home=/var/atlassian/application-data/stash -Djava.endorsed.dirs=/opt/atlassian/stash/3.11.2/endorsed -classpath /opt/atlassian/stash/3.11.2/bin/stash-bootstrap.jar:/opt/atlassian/stash/3.11.2/bin/bootstrap.jar:/opt/atlassian/stash/3.11.2/bin/tomcat-juli.jar -Dcatalina.base=/opt/atlassian/stash/3.11.2 -Dcatalina.home=/opt/atlassian/stash/3.11.2 -Djava.io.tmpdir=/opt/atlassian/stash/3.11.2/temp com.atlassian.stash.internal.catalina.startup.Bootstrap start
root     29119  0.0  0.0 103256   868 pts/2    S+   12:22   0:00 grep -i java

 

 

Thanks in advance!

3 answers

First off, make sure you are using the keystore you think you are. A ps auxwww | grep java will probably find a line or more referring to the java process running, with this part in the process:

"...  -Djavax.net.ssl.keyStore=/opt/atlassian/confluence/jre/lib/security/cacerts ..."

If you have recreated the keystore it should have worked, under the assumption that you did it on the right file.

Once you know that you are looking at the right keystore, I would start using the keytool to view all keys in the file and see what you have (and what is missing).

If Stash is behind an Apache mod_proxy or similar, this might be the cert issues you are seeing. Inspecting the (faulty) certificate on the browser side might be able to give you insight into why it's failing.

Hi Jonas, I can't find anything like that with "ps auxwww | grep java". I'm not sure how to find it. But in the "server.xml", which is located in "/var/atlassian/application-data/stash/shared", at the end of the file (xml) I have put the "<connector port>" with the "keystorefile" ( location of the keystore.jks ), keystorepass etc. And as I say, I have removed the keystore.jks and created a new one, and if needed I'll put the new cert in from scratch just to get this working :). And I don't know how to find the real keystore that it is using. Any hints on that?

0 votes

Hi Ivan, 

You should be able to find the JAVA process running:

ps aux |grep -i java

In case you don't find that (BB server should be running), then raise a ticket with Atlassian Support.

 

Regards

Renato Rudnicki

0 votes

Hi Ivan, I couldn't find any configuration related to SSL in your JAVA setup from Bitbucket Server. Looks like this is not set up properly. I recommend you raise a ticket with Atlassian. Cheers, Renato
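The first answer's advice (confirm which keystore is actually in use, then look at what it holds) as an added shell example; it is not part of the original thread or Atlassian's own tooling. The function names, the sample server.xml and its paths are constructed for illustration, and the last function goes beyond the answers to show the general key-pair import, because keytool cannot import a bare .key file.

```shell
#!/bin/sh
# Added example; the sample server.xml and all paths in it are constructed.

# Print the keystoreFile attribute of every <Connector> in a Tomcat server.xml.
connector_keystores() {
    # tr joins multi-line <Connector ...> elements so the attribute is found
    tr '\n' ' ' < "$1" | grep -o '<Connector[^>]*>' |
        sed -n 's/.*keystoreFile="\([^"]*\)".*/\1/p'
}

# Print the keystore named by -Djavax.net.ssl.keyStore= on a java command line.
jvm_keystore() {
    printf '%s\n' "$1" | tr ' ' '\n' |
        sed -n 's/^-Djavax\.net\.ssl\.keyStore=//p'
}

# List what the keystore really holds (prompts for the store password).
# The server certificate must appear as a "PrivateKeyEntry"; a
# "trustedCertEntry" has no private key and cannot be served by the connector.
list_keystore() {
    keytool -list -v -keystore "$1"
}

# Bundle certificate + private key as PKCS#12 under one alias, then import
# that bundle into the JKS keystore.  usage: import_keypair crt key jks alias
import_keypair() {
    openssl pkcs12 -export -in "$1" -inkey "$2" -name "$4" -out "$1.p12" &&
    keytool -importkeystore -srckeystore "$1.p12" -srcstoretype PKCS12 \
            -destkeystore "$3"
}

# Constructed sample resembling the connector described in the thread.
sample_xml=$(mktemp)
trap 'rm -f "$sample_xml"' EXIT
cat > "$sample_xml" <<'EOF'
<Server>
  <Service name="Catalina">
    <Connector port="7990" protocol="HTTP/1.1"/>
    <Connector port="8443" scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="/example/path/keystore.jks" keystorePass="changeit"/>
  </Service>
</Server>
EOF
connector_keystores "$sample_xml"   # -> /example/path/keystore.jks
```

Run `connector_keystores` against the server.xml the instance actually loads, then `list_keystore` on the path it prints; the application has to be restarted before a replaced keystore takes effect.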
