Confluence with a wildcard certificate

We are running Confluence 4.3.7 with SSL on debian.

We are having trouble importing our new wildcard certificate using the provided tutorial here:

https://confluence.atlassian.com/display/DOC/Running+Confluence+Over+SSL+or+HTTPS

Have also tried the tutorial directly from digicert:

http://www.digicert.com/ssl-certificate-installation-tomcat.htm

The csr was not generated on the confluence box

Using both tutorials ends with "keytool error: java.lang.Exception: Input not an X.509 certificate"

3 answers

That didn't solve the problem either but I decided to go back and read over the errors I have recieved over the last day working on this and with some help from online articles then problem was my keystore password was different then my certificate password. SO I deleted the keystore, remade it with my cert password and everything imported and is now working.

keytool -importkeystore -deststorepass 123456 -destkeypass 123456 -destkeystore /root/.keystore -destalias server -srckeystore star.domain.com.pfx -srcstoretype PKCS12 -srcstorepass 123456

hey charles...

how was the cert file created?

the csr was generated using the OpenSSL CSR Tool on the digicert site.

I see. Do you try to import the csr? Thats only the signing request file and not a certificate

keytool -importcerts -alias server -file star_domain_com.p7b -keystore <keystore_name>

"keytool error: java.lang.Exception: Input not an X.509 certificate"

sorry...didn't work.

Input not an X.509 certificate.

ok.

please run this on your box

openssl pkcs7 -chain -print_certs -in star_domain_com.p7b -out star_domain_com.cer

afterwards try importing the cer file.

let me know how it goes

please note: i am not 100% if this will work for you...but i remember not facing any issues using .cer or .crt files...so lets try converting this. don't worry your .p7b still be there.

ok i found another way...lets stick with the p7b

keytool -import -trustcacerts -alias server -file star_domain_com.p7b -keystore <keystore_name>

can you try thisone please?

ps: use comment

keytool -importcert -alias server -file star_domain.com.cer -keystore <keystore_name>

Enter keystore password:********

keytool error: java.lang.Exception: Input not an X.509 certificate

attempting that now, will update you soon.

Ok. But now it is in a new keystore in root/. You must tell tomcat which one to use now cause by default it is inside your confluence_dir/jre/security/lib/cacerts if i remember it right

I can download multiple bundles for the certificates from digitcert I have tried importing a p7b bundle of all certs with a .cer extension unsuccessfully as well.

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Kesha Thillainayagam
Posted Apr 13, 2018 in Confluence

We want to hear how your non-technical teams are using Confluence!

Hi Community! Kesha (kay-sha) from the Confluence marketing team here! Can you share stories with us on how your non-technical (think Marketing, Sales, HR, legal, etc.) teams are using Confluen...

365 views 20 10
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you