I have put ssl certificate on stash ( *.<domain> ) etc. But now i would like to update it and i can't do it. I have try every tutorial that i can find and still nothing. Can you guys give me some hints on using keytool. Stash is hosted on Linux CentOS 6.5. When i do the keytool import etc. changing the alias and all that. I even remove the keystore.jks and create new one, but still nothing. So i have the new cert files ( .crt .csr .key ) but can't find a way to import it.
Can you guys give me some hints or tutorial how to import it.
ps aux |grep -i java 502 1574 0.5 22.8 4193984 1834456 ? Sl Oct19 411:07 /opt/atlassian/confluence/jre//bin/java -Djava.util.logging.config.file=/opt/atlassian/confluence/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -XX:-UseAESIntrinsics -Xms1024m -Xmx1024m -XX:+UseG1GC -Djava.awt.headless=true -Xloggc:/opt/atlassian/confluence/logs/gc-2015-10-19_05-34-30.log -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=5 -XX:GCLogFileSize=2M -XX:-PrintGCDetails -XX:+PrintGCTimeStamps -XX:-PrintTenuringDistribution -Djava.endorsed.dirs=/opt/atlassian/confluence/endorsed -classpath /opt/atlassian/confluence/bin/bootstrap.jar:/opt/atlassian/confluence/bin/tomcat-juli.jar -Dcatalina.base=/opt/atlassian/confluence -Dcatalina.home=/opt/atlassian/confluence -Djava.io.tmpdir=/opt/atlassian/confluence/temp org.apache.catalina.startup.Bootstrap start jira 1640 0.4 27.7 5105808 2224480 ? Sl Oct19 321:28 /opt/atlassian/jira/jre//bin/java -Djava.util.logging.config.file=/opt/atlassian/jira/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -XX:MaxPermSize=384m -Xms384m -Xmx2048m -Djava.awt.headless=true -Datlassian.standalone=JIRA -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dmail.mime.decodeparameters=true -Dorg.dom4j.factory=com.atlassian.core.xml.InterningDocumentFactory -Datlassian.plugins.enable.wait=300 -XX:+PrintGCDateStamps -XX:-OmitStackTraceInFastThrow -Djava.endorsed.dirs=/opt/atlassian/jira/endorsed -classpath /opt/atlassian/jira/bin/bootstrap.jar:/opt/atlassian/jira/bin/tomcat-juli.jar -Dcatalina.base=/opt/atlassian/jira -Dcatalina.home=/opt/atlassian/jira -Djava.io.tmpdir=/opt/atlassian/jira/temp org.apache.catalina.startup.Bootstrap start atlstash 17806 1.0 14.4 3905076 1162364 ? Sl Dec09 18:52 /opt/atlassian/stash/3.11.2/jre/bin/java -Djava.util.logging.config.file=/opt/atlassian/stash/3.11.2/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -XX:MaxPermSize=256m -Xms512m -Xmx768m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Datlassian.standalone=STASH -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dmail.mime.decodeparameters=true -Dorg.apache.catalina.connector.Response.ENFORCE_ENCODING_IN_GET_WRITER=false -Djava.library.path=/opt/atlassian/stash/3.11.2/lib/native:/var/atlassian/application-data/stash/lib/native -Dstash.home=/var/atlassian/application-data/stash -Djava.endorsed.dirs=/opt/atlassian/stash/3.11.2/endorsed -classpath /opt/atlassian/stash/3.11.2/bin/stash-bootstrap.jar:/opt/atlassian/stash/3.11.2/bin/bootstrap.jar:/opt/atlassian/stash/3.11.2/bin/tomcat-juli.jar -Dcatalina.base=/opt/atlassian/stash/3.11.2 -Dcatalina.home=/opt/atlassian/stash/3.11.2 -Djava.io.tmpdir=/opt/atlassian/stash/3.11.2/temp com.atlassian.stash.internal.catalina.startup.Bootstrap start root 29119 0.0 0.0 103256 868 pts/2 S+ 12:22 0:00 grep -i java
Thanks in advanced !
First of, make sure you are using the keystore you think you are. a ps auxwww | grep java will probably find a line or more referring to the java process running in this part of the process:
"... -Djavax.net.ssl.keyStore=/opt/atlassian/confluence/jre/lib/security/cacerts ..."
If you have recreated the keystore it should have worked, under the assumption that you did it on the right file.
Once you know that you are looking at the right keystore i would start using the keytool to view all keys in the file and see what you have (and what is missing)
If stash is behind a apache mod proxy or similar, this might be the cert issues you are seeing. Inspecting the (faulty) certificate on the browser side might be able to give you insight in why it's failing.
Hi Jonas, I can't find anything like that with "ps auxwww | grep java". I'm not sure how to find it. But in the "server.xml" which is locate in "/var/atlassian/application-data/stash/shared" in the end of the file (xml) i have put the "<connector port>" with the "keystorefile" ( location of the keystore.jks ) keystorepass etc. And as i say i have remove the keystore.jks create a new one and if needed ill put the new cert from scratch just to work this :). And i don't know how to find the real keystore that is using it. Any hints on that ?
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot