
SSL Update

Ivan December 9, 2015

Hi all, 

I have put an SSL certificate on Stash ( *.<domain> ) etc. But now I would like to update it and I can't do it. I have tried every tutorial that I can find and still nothing. Can you guys give me some hints on using keytool? Stash is hosted on Linux CentOS 6.5. When I do the keytool import etc., changing the alias and all that. I even removed the keystore.jks and created a new one, but still nothing. So I have the new cert files ( .crt .csr .key ) but can't find a way to import them.

Can you guys give me some hints or a tutorial on how to import it?

 

ps aux |grep -i java
502       1574  0.5 22.8 4193984 1834456 ?     Sl   Oct19 411:07 /opt/atlassian/confluence/jre//bin/java -Djava.util.logging.config.file=/opt/atlassian/confluence/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -XX:-UseAESIntrinsics -Xms1024m -Xmx1024m -XX:+UseG1GC -Djava.awt.headless=true -Xloggc:/opt/atlassian/confluence/logs/gc-2015-10-19_05-34-30.log -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=5 -XX:GCLogFileSize=2M -XX:-PrintGCDetails -XX:+PrintGCTimeStamps -XX:-PrintTenuringDistribution -Djava.endorsed.dirs=/opt/atlassian/confluence/endorsed -classpath /opt/atlassian/confluence/bin/bootstrap.jar:/opt/atlassian/confluence/bin/tomcat-juli.jar -Dcatalina.base=/opt/atlassian/confluence -Dcatalina.home=/opt/atlassian/confluence -Djava.io.tmpdir=/opt/atlassian/confluence/temp org.apache.catalina.startup.Bootstrap start
jira      1640  0.4 27.7 5105808 2224480 ?     Sl   Oct19 321:28 /opt/atlassian/jira/jre//bin/java -Djava.util.logging.config.file=/opt/atlassian/jira/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -XX:MaxPermSize=384m -Xms384m -Xmx2048m -Djava.awt.headless=true -Datlassian.standalone=JIRA -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dmail.mime.decodeparameters=true -Dorg.dom4j.factory=com.atlassian.core.xml.InterningDocumentFactory -Datlassian.plugins.enable.wait=300 -XX:+PrintGCDateStamps -XX:-OmitStackTraceInFastThrow -Djava.endorsed.dirs=/opt/atlassian/jira/endorsed -classpath /opt/atlassian/jira/bin/bootstrap.jar:/opt/atlassian/jira/bin/tomcat-juli.jar -Dcatalina.base=/opt/atlassian/jira -Dcatalina.home=/opt/atlassian/jira -Djava.io.tmpdir=/opt/atlassian/jira/temp org.apache.catalina.startup.Bootstrap start
atlstash 17806  1.0 14.4 3905076 1162364 ?     Sl   Dec09  18:52 /opt/atlassian/stash/3.11.2/jre/bin/java -Djava.util.logging.config.file=/opt/atlassian/stash/3.11.2/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -XX:MaxPermSize=256m -Xms512m -Xmx768m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Datlassian.standalone=STASH -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dmail.mime.decodeparameters=true -Dorg.apache.catalina.connector.Response.ENFORCE_ENCODING_IN_GET_WRITER=false -Djava.library.path=/opt/atlassian/stash/3.11.2/lib/native:/var/atlassian/application-data/stash/lib/native -Dstash.home=/var/atlassian/application-data/stash -Djava.endorsed.dirs=/opt/atlassian/stash/3.11.2/endorsed -classpath /opt/atlassian/stash/3.11.2/bin/stash-bootstrap.jar:/opt/atlassian/stash/3.11.2/bin/bootstrap.jar:/opt/atlassian/stash/3.11.2/bin/tomcat-juli.jar -Dcatalina.base=/opt/atlassian/stash/3.11.2 -Dcatalina.home=/opt/atlassian/stash/3.11.2 -Djava.io.tmpdir=/opt/atlassian/stash/3.11.2/temp com.atlassian.stash.internal.catalina.startup.Bootstrap start
root     29119  0.0  0.0 103256   868 pts/2    S+   12:22   0:00 grep -i java

 

 

Thanks in advance!

3 answers

1 vote
Jonas Andersson
Rising Star
December 9, 2015

First off, make sure you are using the keystore you think you are. A ps auxwww | grep java will probably find a line or more referring to the java process running in this part of the process:

"...  -Djavax.net.ssl.keyStore=/opt/atlassian/confluence/jre/lib/security/cacerts ..."

If you have recreated the keystore it should have worked, under the assumption that you did it on the right file.

Once you know that you are looking at the right keystore, I would start using the keytool to view all keys in the file and see what you have (and what is missing).

If Stash is behind an Apache mod proxy or similar, this might be the cert issues you are seeing. Inspecting the (faulty) certificate on the browser side might be able to give you insight into why it's failing.

Ivan December 10, 2015

Hi Jonas, I can't find anything like that with "ps auxwww | grep java". I'm not sure how to find it. But in the "server.xml", which is located in "/var/atlassian/application-data/stash/shared", at the end of the file (xml) I have put the "<connector port>" with the "keystorefile" ( location of the keystore.jks ), keystorepass etc. And as I said, I have removed the keystore.jks and created a new one, and if needed I'll put the new cert in from scratch just to get this working :). And I don't know how to find the real keystore that it is using. Any hints on that?
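Added example (not part of the thread and not Atlassian's code): one way to check which keystore the HTTPS connector is configured to load is to read it from the `<Connector>` elements in server.xml and then list that exact file with keytool. The function names and the sample XML (ports, paths, password, alias) are constructed for illustration; the second TLS connector in the sample spells the attribute `keystorefile`, so the script flags the case mismatch and reports the documented default store, because the documented `keystoreFile` attribute is not set.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the <Connector> described in the thread; the
# ports, keystore paths, password and alias are placeholders.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="7990" protocol="HTTP/1.1"/>
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="/path/to/keystore.jks" keystorePass="placeholder"
             keyAlias="tomcat"/>
  <Connector port="8444" SSLEnabled="true" scheme="https" secure="true"
             keystorefile="/path/to/new-keystore.jks"/>
</Service></Server>"""

# Attribute spellings as documented for Tomcat's JSSE connector.
DOCUMENTED = ("keystoreFile", "keystorePass", "keystoreType", "keyAlias")
# Documented default when keystoreFile is absent: .keystore in the home
# directory of the account running Tomcat (atlstash in the ps output above).
DEFAULT_KEYSTORE = "~/.keystore"


def tls_connectors(server_xml):
    """Report, per TLS connector, the keystore and alias it is configured to load."""
    report = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true" and conn.get("scheme") != "https":
            continue  # plain HTTP connector
        by_lower = {name.lower(): name for name in conn.attrib}
        # Attributes that match a documented name only when case is ignored.
        miscased = sorted(by_lower[d.lower()] for d in DOCUMENTED
                          if by_lower.get(d.lower(), d) != d)
        report.append({"port": conn.get("port"),
                       "keystore": conn.get("keystoreFile", DEFAULT_KEYSTORE),
                       "alias": conn.get("keyAlias"),  # None: first key entry is used
                       "miscased": miscased})
    return report


def keytool_list_argv(entry):
    """argv to list that store. -storepass is left out so keytool prompts and
    the password stays out of `ps` output and shell history."""
    argv = ["keytool", "-list", "-v", "-keystore", entry["keystore"]]
    if entry["alias"]:
        argv += ["-alias", entry["alias"]]
    return argv


if __name__ == "__main__":
    for entry in tls_connectors(SAMPLE_SERVER_XML):
        print(entry["port"], entry["miscased"], " ".join(keytool_list_argv(entry)))
```

In the keytool listing, the entry the connector serves should be of type PrivateKeyEntry; a store that only holds trustedCertEntry items has the certificate but not its private key.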

0 votes
rrudnicki
Atlassian Team
December 10, 2015

Hi Ivan, I couldn't find any configuration related to SSL in your JAVA setup from Bitbucket Server. Looks like this is not set up properly. I recommend you raise a ticket with Atlassian. Cheers, Renato

0 votes
rrudnicki
Atlassian Team
December 10, 2015

Hi Ivan, 

You should be able to find the JAVA process running:

ps aux |grep -i java

In case you don't find that (BB server should be running), then raise a ticket with Atlassian Support.

 

Regards

Renato Rudnicki
