I created a LDAP server with TLS and a self-sign certificate. I can login from another Linux client machine that I copied the pubkey to and it appears to be working great.
Now trying to get Confluence to use the LDAP servers has proven very difficult. I have followed the documentation, but I'm not sure where I'm going wrong.
I wish I could just click in Atlassian and import the certificate. That would make life easy, but I'm trying to use the keytool and that is a nightmare.
My self-signed certificate is in the "pem" format. The examples I see are using CRT format. Do I need to convert mine? Not a certificate expert. I've used this command, but I get the error below this command.
keytool -import -alias serverCert -file /etc/pki/tls/certs/ldap1_pubkey.pem -keystore $JAVA_HOME/jre/lib/security/cacerts
keytool error: java.io.FileNotFoundException: /jre/lib/security/cacerts (No such file or directory)
If I change it to where the directory really is:
keytool -import -alias serverCert -file /etc/pki/tls/certs/ldap1_pubkey.pem -keystore /opt/atlassian/confluence/jre/lib/security/cacerts
I get this error:
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
I would appreciate any help. Thanks,
You have to import your ldap self signed certificate on the cacerts file. I believe the easiest way is to do that with portecle, you can download it at http://portecle.sourceforge.net.
I understand you already have the .pem file exported, so you just need to open portecle, go to File->Open Keystore File and locate your cacerts file, it will ask for password, which is "changeit". Now go to Tools->Import Trusted Certificate and import your .pem file and save it.
If you don't have a desktop on your Confluence server, you can copy your cacerts file to your desktop, perform the above steps, then copy it again to it's original location.
Thanks for the help. I've tried Portecle program. I selected my "pem" file. It prompted for a password. I entered "changeit", but I get the following error.
Could not open "C:\Users\Administrator\Desktop\ldap1_pubkey.pem" as a keystore. Attempts were made for the following keystore types: JKS, PKCS#12, JCEKS, JKS(case sensitive), BKS, BKS-V1, UBER.
Note that this may be because of a incorrect password, or because the keystore has been tampered with.
Does it not work with pem files?
Thanks for the help. I have moved my Atlassian installation to a Windows 2012 R2 server because I could not get Portecle to run in linux. I have imported the certificate now. When I setup Atlassian to connect to my OpenLdap server and click the test connect button I get the following error:
Connection test failed. Response from the server:
centos65.bradyexternal.local:636; nested exception is javax.naming.CommunicationException: centos65.bradyexternal.local:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
Not sure what to do next. Yes, I'd like to open up a support ticket unless this is a simple fix?
This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.Read more
Hi Community! Kesha (kay-sha) from the Confluence marketing team here! Can you share stories with us on how your non-technical (think Marketing, Sales, HR, legal, etc.) teams are using Confluen...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs