Confluence Certificate renewal

Scott Grien January 26, 2018

We have followed the steps to apply a certificate from a certificate authority to utilize SSL for our Confluence instances and that is working perfectly. We are to the point where the certificate is now expiring and we need to renew. Are there any instructions as to how to properly renew a certificate?

Thanks,


Scott

2 answers

1 accepted

2 votes
Answer accepted
Scott Grien January 30, 2018

After some trial and error, I discovered how to accomplish this without starting from scratch. I'll share it here in case others have the same question. If you've followed the steps in the link I posted above, when it is time to renew the certificate, do the following:

  1. On the server that is hosting Confluence, open an elevated command prompt and navigate to your <Confluence install folder>\jre\bin.
  2. Issue the following command: keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore <location of .keystore file>\.keystore
  3. Submit the certreq.csr file to your certificate authority.
  4. After you receive the new certificate, from the same elevated command prompt location enter the following command: keytool -importcert -alias tomcat -keystore <location of .keystore>\.keystore -file <path to new certificate file>
  5. Restart the Confluence service.

Hope this helps anyone having the same issue as myself.
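A check that can be run between steps 4 and 5 of the answer above, added here as an example and not part of the original post: it parses the output of `keytool -list -v -alias tomcat` and confirms that the alias is still a private-key entry, that a CA chain is attached, and that the expiry date has actually moved. It assumes English-language keytool output; the `KEYSTORE_PASS` environment variable name and the sample listing are constructed for illustration.

```python
import re
import subprocess
from datetime import datetime

# Constructed sample of `keytool -list -v -alias tomcat` output (not a real keystore).
SAMPLE = """\
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=confluence.example.com
Issuer: CN=Example Root CA
Valid from: Mon Jan 29 00:00:00 UTC 2018 until: Wed Jan 29 23:59:59 UTC 2020
Certificate[2]:
Owner: CN=Example Root CA
Issuer: CN=Example Root CA
Valid from: Fri Jan 01 00:00:00 UTC 2016 until: Thu Jan 01 00:00:00 UTC 2026
"""

UNTIL = re.compile(r"until: (\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ (\d{4})")

def list_alias(keystore, alias="tomcat", pass_env="KEYSTORE_PASS"):
    """Run keytool; the store password is read from an environment variable."""
    cmd = ["keytool", "-list", "-v", "-alias", alias,
           "-keystore", keystore, "-storepass:env", pass_env]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

def check_renewal(listing, now, min_days=30):
    """Return a list of problems with the alias listing; empty means it looks good."""
    problems = []
    entry = re.search(r"^Entry type: (\S+)", listing, re.M)
    if not entry or entry.group(1) != "PrivateKeyEntry":
        problems.append("not a PrivateKeyEntry: certificate is not attached to the private key")
    chain = re.search(r"^Certificate chain length: (\d+)", listing, re.M)
    if chain and int(chain.group(1)) < 2:
        problems.append("chain length 1: self-signed, CA reply not imported")
    until = UNTIL.search(listing)  # first match belongs to Certificate[1], the server cert
    if not until:
        problems.append("no validity period found")
    else:
        # The zone abbreviation is dropped, so the result is accurate to within a day.
        expires = datetime.strptime(" ".join(until.groups()), "%a %b %d %H:%M:%S %Y")
        if (expires - now).days < min_days:
            problems.append(f"server certificate expires {expires:%Y-%m-%d}")
    return problems

if __name__ == "__main__":
    # Fixed, constructed "current" date so the sample output is reproducible.
    print(check_renewal(SAMPLE, datetime(2018, 2, 1)) or "OK")
```

Against a real keystore, pass `list_alias(<path to .keystore>)` and `datetime.now()` to `check_renewal`; an unchanged expiry date after step 4 means the CA reply was not imported under the `tomcat` alias.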

0 votes
Dave Theodore [Coyote Creek Consulting]
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
January 26, 2018

Depends how you set it up. There are 3 common ways of doing SSL termination.

  1. Use a reverse proxy server, such as Apache.
  2. Have Confluence's built-in Tomcat do it.
  3. Use a hardware load balancer.

My recommendation would be to use either a reverse proxy or a hardware load balancer. It is much easier to manage certs with one of those. If you have Confluence managed certs, you will need to restart Confluence in order to activate the new cert and it is a hassle to manage. Additionally, it forces you to run Confluence as root/administrator if you want it to listen on port 443 (bad.)

If you can figure out how it is set up now, give us a bit more info and we can get you going. :)

Scott Grien January 29, 2018

We followed the instructions posted here to set up Confluence to use HTTPS.

The instructions indicate how to set everything up initially, but there is nothing to indicate what needs to be done when it is time to renew the certificate.

Does the entire procedure need to be performed again, creating an entirely new .keystore file from scratch?

Dave Theodore [Coyote Creek Consulting]
Community Leader
January 29, 2018

You can just add to the existing keystore. But, yes, basically just follow the same procedure again.
