We have an internal Stash and JIRA environment working great. We decided that we want to have both these to be delivered over SSL utilizing a self-signed cert. So as I have looked at it, I see that the process to do both of these is slightly different. I'd prefer the process to be similar for maintenance.
Documented Stash Process In A Nutshell
I'd prefer the process be more like the JIRA documentation to wit. Can I make the generated key alias stash? then add something like the JIRA connector config parameters modified below?
Hi Patrick, If the Application Link is already created, it must be re-created, using the new Base URLs of both apps. You also need to make sure they'll be able to communicate via SSL, so the proper certificates need to be imported into the truststore used by each app. Regards, Gustavo Refosco
Thanks Gustavo, Yes I had the non-ssl http environment working including application links between Stash and JIRA. I got SSL working on both JIRA and Stash, and I went to Application Links and put the new https url in after clicking Relocate. But both now say that the link is not responding. OK seeing I'm made my big SSL change that would make sense. But I'm not sure how to import the proper certificates to enable this communcitation between the two apps. You say I need to do this in the truststore (keystore?) used by each Stash and Jira? I'm not sure how I do that. The environment -> each app uses the keystore call /opt/atlassian-common/atlassian.jks with only one key named either stash or jira. Could you advise what I need to do to get them communicating with each other?
Say for JIRA I tried exporting the Stash cert from the chrome that was connected to stash using Export-DER cert. Then using portecle, I imported the it as Trusted Certificate. Then I did the Examine SSL/TSL of the stash system port 8443 and this appeared to have worked fine as it showed me the cert from stash. I did the same for Stash for the JIRA connection. Then I re-started both Stash and JIRA. Checked the app links but neither connect to the https url. BTW I can cut and paste the app links url into a browser and it works. Next I tried the above with a cert exported from Portecle-Export-Head-DER. This also had the same result. So I think I'm still not able to get the Stash and JIRA servers to SSL with each other. What am I missing? Is the truststore different then the keystore?
Hi Patrick, Yes, they are different. I'd like to point you to the document https://confluence.atlassian.com/display/FISHKB/PKIX+Path+Building+Failed+-+Cannot+Set+Up+Trusted+Applications+To+SSL+Services as it may help you importing the certificates. It basically gives you steps on how to import your certs into your truststores. To clarify, you need to find out the JVM being used by each application, and them import the certs as needed in its truststore. You should be able to find out the JVM being used by each application in the app's Administration > Atlassian Support Tools > System Information. The default truststore for the JVM is then JAVA_HOME/jre/lib/security/cacerts - the default password for cacerts is "changeit". Regards, Gustavo Refosco
OK that did it. The SSLPoke really helped (gonna keep that one handy...). We use Oracle Java so the truststore is /usr/java/default/jre/lib/security/cacerts. I noticed that I didn't have to restart Stash and JIRA once I got the certs imported. Either exported certs work (exported in Portecle or Chrome). Thanks Gustavo!
Bitbucket Pipelines helps me manage and automate a number of serverless deployments to AWS Lambda and this is how I do it. I'm building Node.js Lambda functions using node-lambda ...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot