Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Converting Confluence to use HTTPS and getting a "refused to connect" error

Joe Roper
Joe Roper October 5, 2022

Converting Confluence 7.15 to use HTTPS and getting a "refused to connect" error.  Verified that certificate from CA imported correctly and modified server.xml file to uncomment the HTTPS section and add path to the keystore file and the keystore password.  But when running the netstat command: netstat -na | find "8443", nothing returns, so Confluence is not listening on that port although that is the HTTPS port configured in server.xml.

Capture1.JPG

I have restarted the Windows service several time so trying different things.

Is there other configuration required in Confluence that I either missed in the documentation or is not there?

Answer
Watch
Like Be the first to like this
406 views

1 answer

0 votes
Fabio Racobaldo _Herzum_
Fabio Racobaldo _Herzum_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
October 6, 2022

Hi @Joe Roper ,

did u read the following how-to article https://confluence.atlassian.com/doc/running-confluence-over-ssl-or-https-161203.html ?

Fabio

View More Comments
Joe Roper
Joe Roper October 6, 2022

Hi Fabio,  yes that is the document that I used for the conversion.  I followed the steps but still receive a "Refused to connect" message.  My CA is administered by my company internally (not external like Verisign).   One thing was that when installing the certificate from my CA, it had an error that said "keytool error: java.lang.Exception: Failed to establish chain from reply".  The only way that we (myself and a member of the CA team) found to get the certificate to install was to delete the self-signed one first.  He was telling me that we only needed the new certificate that he had generated from my certreq.csr file.  What I found strange was that using the netstat command, it doesn't look like Confluence is even listening on port 8443.

Like
Fabio Racobaldo _Herzum_
Fabio Racobaldo _Herzum_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
October 6, 2022

Hi @Joe Roper ,

port should be 8090 and 443. Do u have a reverse proxy in front of your Confluence?

Fabio

Like
Joe Roper
Joe Roper October 6, 2022

HTTP is 8090.  From the conversion documentation, it said to use 8443, I did try 443 with same results.  According to the CA team, we do not use any proxy for internal applications, only traffic passing through the firewall to external sites is proxied.

Joe

Like
Fabio Racobaldo _Herzum_
Fabio Racobaldo _Herzum_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
October 6, 2022

Hi @Joe Roper ,

try the following configuration in your server.xml file


<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
maxThreads="48" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol"
scheme="https" proxyName="YOUR_DOMAIN" proxyPort="443"/>

 

Fabio

Like
Joe Roper
Joe Roper October 6, 2022

Hi Fabio,

That only worked insofar as allowing Confluence to still use port 8090 in an unsecured mode, but it broke my "Manage Apps" link inside of Confluence.  Couldn't reach the Marketplace after the change.  Reverted to other config and it fixed that issue.  Still not sure why NETSTAT shows that Confluence is not listening on port 8443 even with the config stated in:

 https://confluence.atlassian.com/doc/running-confluence-over-ssl-or-https-161203.html

 

Is the self-signed certificate needed?  My support guy said that it was only needed to create the certreq.cer file but could then be removed.  My instinct is telling me that he is wrong, needs both the self-signed and the CA certificates.

Thank you for your assistance.

Like
Joe Roper
Joe Roper October 11, 2022

Hello @Fabio Racobaldo _Herzum_

Do you have any further assistance, I am still unable to get it to work.

Joe

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
DEPLOYMENT TYPE
SERVER
VERSION
2016
TAGS
AUG Leaders

Atlassian Community Events

    See all events