Confluence with a wildcard certificate

We are running Confluence 4.3.7 with SSL on debian.

We are having trouble importing our new wildcard certificate using the provided tutorial here:

Have also tried the tutorial directly from digicert:

The csr was not generated on the confluence box

Using both tutorials ends with "keytool error: java.lang.Exception: Input not an X.509 certificate"

3 answers

That didn't solve the problem either but I decided to go back and read over the errors I have recieved over the last day working on this and with some help from online articles then problem was my keystore password was different then my certificate password. SO I deleted the keystore, remade it with my cert password and everything imported and is now working.

keytool -importkeystore -deststorepass 123456 -destkeypass 123456 -destkeystore /root/.keystore -destalias server -srckeystore -srcstoretype PKCS12 -srcstorepass 123456

hey charles...

how was the cert file created?

the csr was generated using the OpenSSL CSR Tool on the digicert site.

I see. Do you try to import the csr? Thats only the signing request file and not a certificate

keytool -importcerts -alias server -file star_domain_com.p7b -keystore <keystore_name>

"keytool error: java.lang.Exception: Input not an X.509 certificate"

sorry...didn't work.

Input not an X.509 certificate.


please run this on your box

openssl pkcs7 -chain -print_certs -in star_domain_com.p7b -out star_domain_com.cer

afterwards try importing the cer file.

let me know how it goes

please note: i am not 100% if this will work for you...but i remember not facing any issues using .cer or .crt lets try converting this. don't worry your .p7b still be there.

ok i found another way...lets stick with the p7b

keytool -import -trustcacerts -alias server -file star_domain_com.p7b -keystore <keystore_name>

can you try thisone please?

ps: use comment

keytool -importcert -alias server -file -keystore <keystore_name>

Enter keystore password:********

keytool error: java.lang.Exception: Input not an X.509 certificate

attempting that now, will update you soon.

Ok. But now it is in a new keystore in root/. You must tell tomcat which one to use now cause by default it is inside your confluence_dir/jre/security/lib/cacerts if i remember it right

I can download multiple bundles for the certificates from digitcert I have tried importing a p7b bundle of all certs with a .cer extension unsuccessfully as well.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Feb 06, 2019 in Confluence

Try out the new editing experience

Hi team, I’m Avinoam, a product manager on Confluence Cloud, and today I’m really excited to let the Community know that all customers can now try out the new editing experience and see some of the ...

1,439 views 110 8
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you