Get Confluence to work with linux LDAP server and TLS

Jeff Viola May 16, 2014

I created an LDAP server with TLS and a self-signed certificate. I can log in from another Linux client machine that I copied the pubkey to, and it appears to be working great.

Now trying to get Confluence to use the LDAP server has proven very difficult. I have followed the documentation, but I'm not sure where I'm going wrong.

I wish I could just click in Atlassian and import the certificate. That would make life easy, but I'm trying to use the keytool and that is a nightmare.

My self-signed certificate is in the "pem" format. The examples I see are using CRT format. Do I need to convert mine? I'm not a certificate expert. I've used this command, but I get the error shown below it.

keytool -import -alias serverCert -file /etc/pki/tls/certs/ldap1_pubkey.pem -keystore $JAVA_HOME/jre/lib/security/cacerts

keytool error: java.io.FileNotFoundException: /jre/lib/security/cacerts (No such file or directory)

If I change it to where the directory really is:

keytool -import -alias serverCert -file /etc/pki/tls/certs/ldap1_pubkey.pem -keystore /opt/atlassian/confluence/jre/lib/security/cacerts

I get this error:

keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

I would appreciate any help. Thanks,

5 answers

0 votes
FelipeA
June 5, 2014

Hi Jeff,

I opened a ticket on your behalf on our Support System.

Best regards,

Felipe Alencastro

0 votes
Jeff Viola June 4, 2014

Thanks for the help. I have moved my Atlassian installation to a Windows 2012 R2 server because I could not get Portecle to run in Linux. I have imported the certificate now. When I set up Atlassian to connect to my OpenLdap server and click the test connect button, I get the following error:

Connection test failed. Response from the server:
centos65.bradyexternal.local:636; nested exception is javax.naming.CommunicationException: centos65.bradyexternal.local:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

Not sure what to do next. Yes, I'd like to open up a support ticket unless this is a simple fix?

0 votes
FelipeA
June 3, 2014

Hi Jeff,

Also, I believe you're in the evaluation period, is that right? If you want, we can raise a support ticket on https://support.atlassian.com so we can assist you better with this.

0 votes
Tiago Comasseto
May 16, 2014

To complement Felipe's answer, we have this documentation that explains the process with Active Directory, but it's the same idea for other LDAP distributions.

Cheers

0 votes
FelipeA
May 16, 2014

Hi Jeff,

You have to import your LDAP self-signed certificate into the cacerts file. I believe the easiest way is to do that with Portecle; you can download it at http://portecle.sourceforge.net.

I understand you already have the .pem file exported, so you just need to open Portecle, go to File->Open Keystore File and locate your cacerts file. It will ask for a password, which is "changeit". Now go to Tools->Import Trusted Certificate, import your .pem file and save it.

If you don't have a desktop on your Confluence server, you can copy your cacerts file to your desktop, perform the above steps, then copy it back to its original location.

Best regards,

Felipe Alencastro


Jeff Viola June 3, 2014

Thanks for the help. I've tried the Portecle program. I selected my "pem" file. It prompted for a password. I entered "changeit", but I get the following error.

Could not open "C:\Users\Administrator\Desktop\ldap1_pubkey.pem" as a keystore. Attempts were made for the following keystore types: JKS, PKCS#12, JCEKS, JKS(case sensitive), BKS, BKS-V1, UBER.

Note that this may be because of a incorrect password, or because the keystore has been tampered with.

Does it not work with pem files?

FelipeA
June 3, 2014

Hi Jeff,

You have to open your cacerts file as a keystore with the password "changeit", and then import your ldap1_pubkey.pem into the cacerts file.
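The command-line equivalent of the steps in this thread, as an added example that is not code from the thread or from Atlassian: it checks that the file really is a certificate (keytool accepts PEM or DER, so no conversion is needed), checks that the cacerts path exists (the first error came from an unset JAVA_HOME), backs the store up, then imports with the default password supplied up front so the "tampered with, or password was incorrect" prompt failure cannot occur. The paths and alias are the ones posted above; CACERTS should point at the cacerts of whichever JRE actually starts Confluence, which is why the later PKIX error can appear even after an import into a different JRE.

```shell
#!/bin/sh
# Added example, not code from the thread. Paths and alias are the ones Jeff
# posted; the trust-store password is the JRE default "changeit". Override
# CACERTS with the cacerts of whichever JRE actually starts Confluence.
CERT="${CERT:-/etc/pki/tls/certs/ldap1_pubkey.pem}"
CACERTS="${CACERTS:-/opt/atlassian/confluence/jre/lib/security/cacerts}"
ALIAS="${ALIAS:-serverCert}"
STOREPASS="${STOREPASS:-changeit}"

# Constructed stand-in for a PEM certificate file (not a real certificate),
# used only to exercise pem_kind.
sample_cert_pem() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' \
        'MIIBconstructedSampleNotARealCertificate==' '-----END CERTIFICATE-----'
}

# Classify what the file actually holds. keytool imports PEM and DER
# certificates alike (no conversion needed), but a private key or a bare
# public key is not a trusted certificate and must not go into cacerts.
pem_kind() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then echo certificate
    elif grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1"; then echo private-key
    elif grep -q -- '-----BEGIN PUBLIC KEY-----' "$1"; then echo public-key
    elif command -v openssl >/dev/null 2>&1 &&
         openssl x509 -inform DER -noout -in "$1" >/dev/null 2>&1; then echo der-certificate
    else echo unknown
    fi
}

# Pre-flight checks, backup, non-interactive import, then confirm the alias.
import_ldap_cert() {
    case "$(pem_kind "$CERT")" in
        certificate|der-certificate) ;;
        *) echo "not a certificate: $CERT" >&2; return 1 ;;
    esac
    # With JAVA_HOME unset the path collapses to /jre/lib/security/cacerts
    # and keytool reports FileNotFoundException; check before touching it.
    [ -f "$CACERTS" ] || { echo "trust store not found: $CACERTS" >&2; return 1; }
    cp "$CACERTS" "$CACERTS.bak.$(date +%Y%m%d%H%M%S)" || return 1
    # -storepass supplies the password up front, so a mistyped one cannot
    # surface as "Keystore was tampered with, or password was incorrect".
    keytool -importcert -noprompt -trustcacerts -alias "$ALIAS" -file "$CERT" \
        -keystore "$CACERTS" -storepass "$STOREPASS" || return 1
    keytool -list -keystore "$CACERTS" -storepass "$STOREPASS" -alias "$ALIAS"
}

if [ "${1:-}" = run ]; then import_ldap_cert; fi
```

Run it as `sh import_ldap_cert.sh run` on the Confluence host and restart Confluence afterwards, since the JVM reads cacerts at startup.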
