So, we are currently running a Confluence Server and the certificate has expired. It was using a certificate specific to the url. Since that time we have obtained a wildcard certificate and would like to install that on Confluence. There are steps for configuring Confluence to use SSL, however as a "novice" I can't determine what parts apply to "replacing" a certificate. We have the certificate already and we know the password assigned to it.
"Follow the prompts to specify your name, organisation and location. This information is used to construct the X.500 Distinguished Name (DN) of the entity. The CN ("What is your first and last name?") must match the fully-qualified hostname of the server running Confluence, otherwise Tomcat will not be able to use the certificate for SSL. For example for a Confluence running on a server named "confluence.example.com":
CN=confluence.example.com, OU=Java Software Division, O=Sun Microsystems Inc, C=US"
JR
These commands worked for us on a .pfx exported from IIS (where the wildcard CSR was generated). Be sure to use the same passphrase for the keystore as that used to sign the CSR!
/opt/jdk1.8.0_45/jre/bin/keytool -importkeystore -srckeystore <your-wildcard-cert>.pfx -srcstoretype pkcs12 -destkeystore /home/confluence/.keystore
/opt/jdk1.8.0_45/jre/bin/keytool -import -trustcacerts -alias root -file QuoVadis_Root_CA_2.crt -keystore /home/confluence/.keystore
/opt/jdk1.8.0_45/jre/bin/keytool -import -trustcacerts -alias intermediate -file QuoVadis_Intermediate_Global_SSL_ICA_G2.crt -keystore /home/confluence/.keystore
You listed the name extensions for each step!!!! Life saver!!! I am working on how to change the password needed to access the CSR or PFX as we try not to use this password on web servers. If I figure it out I will post a follow up with the notes.
Thank you Simon thank you!!!!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.