SSL Update

Hi all, 

I have put an SSL certificate on Stash ( *.<domain> ) etc. But now I would like to update it and I can't do it. I have tried every tutorial that I can find and still nothing. Can you guys give me some hints on using keytool? Stash is hosted on Linux CentOS 6.5. When I do the keytool import etc., changing the alias and all that. I even removed the keystore.jks and created a new one, but still nothing. So I have the new cert files ( .crt .csr .key ) but can't find a way to import them.

Can you guys give me some hints or a tutorial on how to import it?


ps aux |grep -i java
502       1574  0.5 22.8 4193984 1834456 ?     Sl   Oct19 411:07 /opt/atlassian/confluence/jre//bin/java -Djava.util.logging.config.file=/opt/atlassian/confluence/conf/ -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -XX:-UseAESIntrinsics -Xms1024m -Xmx1024m -XX:+UseG1GC -Djava.awt.headless=true -Xloggc:/opt/atlassian/confluence/logs/gc-2015-10-19_05-34-30.log -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=5 -XX:GCLogFileSize=2M -XX:-PrintGCDetails -XX:+PrintGCTimeStamps -XX:-PrintTenuringDistribution -Djava.endorsed.dirs=/opt/atlassian/confluence/endorsed -classpath /opt/atlassian/confluence/bin/bootstrap.jar:/opt/atlassian/confluence/bin/tomcat-juli.jar -Dcatalina.base=/opt/atlassian/confluence -Dcatalina.home=/opt/atlassian/confluence org.apache.catalina.startup.Bootstrap start
jira      1640  0.4 27.7 5105808 2224480 ?     Sl   Oct19 321:28 /opt/atlassian/jira/jre//bin/java -Djava.util.logging.config.file=/opt/atlassian/jira/conf/ -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -XX:MaxPermSize=384m -Xms384m -Xmx2048m -Djava.awt.headless=true -Datlassian.standalone=JIRA -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dmail.mime.decodeparameters=true -Dorg.dom4j.factory=com.atlassian.core.xml.InterningDocumentFactory -Datlassian.plugins.enable.wait=300 -XX:+PrintGCDateStamps -XX:-OmitStackTraceInFastThrow -Djava.endorsed.dirs=/opt/atlassian/jira/endorsed -classpath /opt/atlassian/jira/bin/bootstrap.jar:/opt/atlassian/jira/bin/tomcat-juli.jar -Dcatalina.base=/opt/atlassian/jira -Dcatalina.home=/opt/atlassian/jira org.apache.catalina.startup.Bootstrap start
atlstash 17806  1.0 14.4 3905076 1162364 ?     Sl   Dec09  18:52 /opt/atlassian/stash/3.11.2/jre/bin/java -Djava.util.logging.config.file=/opt/atlassian/stash/3.11.2/conf/ -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -XX:MaxPermSize=256m -Xms512m -Xmx768m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Datlassian.standalone=STASH -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dmail.mime.decodeparameters=true -Dorg.apache.catalina.connector.Response.ENFORCE_ENCODING_IN_GET_WRITER=false -Djava.library.path=/opt/atlassian/stash/3.11.2/lib/native:/var/atlassian/application-data/stash/lib/native -Dstash.home=/var/atlassian/application-data/stash -Djava.endorsed.dirs=/opt/atlassian/stash/3.11.2/endorsed -classpath /opt/atlassian/stash/3.11.2/bin/stash-bootstrap.jar:/opt/atlassian/stash/3.11.2/bin/bootstrap.jar:/opt/atlassian/stash/3.11.2/bin/tomcat-juli.jar -Dcatalina.base=/opt/atlassian/stash/3.11.2 -Dcatalina.home=/opt/atlassian/stash/3.11.2 com.atlassian.stash.internal.catalina.startup.Bootstrap start
root     29119  0.0  0.0 103256   868 pts/2    S+   12:22   0:00 grep -i java



Thanks in advance!

3 answers

First off, make sure you are using the keystore you think you are. A ps auxwww | grep java will probably find a line or more referring to the java process running in this part of the process:

"... ..."

If you have recreated the keystore it should have worked, under the assumption that you did it on the right file.

Once you know that you are looking at the right keystore, I would start using the keytool to view all keys in the file and see what you have (and what is missing).

If Stash is behind an Apache mod proxy or similar, this might be the cert issues you are seeing. Inspecting the (faulty) certificate on the browser side might be able to give you insight into why it's failing.

Hi Jonas, I can't find anything like that with "ps auxwww | grep java". I'm not sure how to find it. But in the "server.xml", which is located in "/var/atlassian/application-data/stash/shared", at the end of the file (xml) I have put the "<connector port>" with the "keystorefile" ( location of the keystore.jks ), keystorepass etc. And as I say, I have removed the keystore.jks and created a new one, and if needed I'll put the new cert in from scratch just to get this working :). And I don't know how to find the real keystore that it is using. Any hints on that?

0 votes
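The checks discussed in this answer and its follow-up comment, as an added example that is not part of the thread and not Atlassian's own tooling: read the keystore path out of server.xml, confirm the new .crt belongs to the .key, then load the pair into the JKS file and list the result. The alias `tomcat`, the `KS_PASS` environment variable, the function names and all file paths are assumptions; `keystoreFile` is the Tomcat Connector attribute name.

```shell
#!/bin/sh
# Added example. Assumed names: alias "tomcat", password in exported $KS_PASS.

# Print every keystoreFile="..." value found in a server.xml.
# Plain text match: a Connector inside an XML comment is reported too.
keystore_from_server_xml() {
    grep -o 'keystoreFile="[^"]*"' "$1" | sed 's/^keystoreFile="//; s/"$//'
}

# Succeed only if certificate $1 and private key $2 hold the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Bundle cert + key as PKCS#12, import that entry into the JKS keystore,
# then list it. Passwords come from the environment, not the command line,
# so they do not appear in `ps` output.
import_into_jks() {   # usage: import_into_jks CERT KEY KEYSTORE [ALIAS]
    alias_name=${4:-tomcat}
    p12=$(mktemp) || return 1
    openssl pkcs12 -export -in "$1" -inkey "$2" -name "$alias_name" \
        -out "$p12" -passout env:KS_PASS &&
    keytool -importkeystore -noprompt \
        -srckeystore "$p12" -srcstoretype PKCS12 -srcstorepass:env KS_PASS \
        -srcalias "$alias_name" -destalias "$alias_name" \
        -destkeystore "$3" -deststorepass:env KS_PASS &&
    keytool -list -v -keystore "$3" -storepass:env KS_PASS -alias "$alias_name"
    rc=$?
    rm -f "$p12"
    return $rc
}

# Constructed sample of a Connector like the one described in the comment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
           keystoreFile="/path/to/keystore.jks" keystorePass="placeholder"/>
EOF
keystore_from_server_xml "$sample"
rm -f "$sample"
```

The `keytool -list -v` output shows the entry type, the certificate subject and its validity dates, which is what to compare against the certificate the browser receives after a restart.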

Hi Ivan, 

You should be able to find the JAVA process running:

ps aux |grep -i java

In case you don't find that (BB server should be running), then raise a ticket with Atlassian Support.



Renato Rudnicki

0 votes

Hi Ivan, I couldn't find any configuration related to SSL in your JAVA setup from Bitbucket Server. Looks like this is not set up properly. I recommend you raise a ticket with Atlassian. Cheers, Renato
