SSL configuration in Confluence


I was tasked to configure our confluence server to use our wildcard certificate.  I use this guide as reference Since I already have  a downloaded certificate. I did not go through all the steps on the guide and proceed with importing the certificate (option2 step 5) using the command below which was successful.

C:\>keytool –import –keystore ..\lib\security\cacerts –alias newcertificate –storepass changeit –noprompt –trustcacerts –file c:\new_certificate.crt


I Then proceed with steps 2, 3 and 4. I restarted confluence and tried accessing confluence again using using chrome now its showing me an error  "ERR_SSL_VERSION_OR_CIPHER_MISMATCH. My  server.xml looks like this:


<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" SSLEnabled="true"
URIEncoding="UTF-8" keystorePass="mypassword"
keystoreFile="<C:\Program Files\Atlassian\Confluence\jre\lib\security\cacerts>"/>

Am I missing something here?


Thanks in advance for your response.




3 answers

0 votes

Hey Lorenze,

Is your keystore locate inside the "cacerts"? Commonly, you need to create a keystore as per that article, and import the certificate inside the keystore, then your keystore path in your server.xml would look like:

keystoreFile="C:\Program Files\Atlassian\Confluence\jre\lib\security\cacerts\.keystore"/>

Can you see that I pointed the .keystore archive? I suggest following again that article so you could create a .keystore and import that certificate in it.


@Guilherme Viana [Atlassian]


Thanks for your response. Just a quick clarification, I need to remove the certificate that I have imported and go trough the process again on from generating a local certificate until the very end?




Hello Lorenze:

You need to create Confluence's local keystore (If it does not exist, which I think it does since you have already a

certificate) install it there and also install the certificate in the java cacerts file again make sure the chain and/or

the root CA certficate are installed there since Java uses that file to trust any certificate it encounters. and restart Confluence. Remember that while installing the certifiate in Confluence's local keystore you have to use the original "Alias" that was used when the keystore was created so it integrates correctly into your keystore.



Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Feb 06, 2019 in Confluence

Try out the new editing experience

Hi team, I’m Avinoam, a product manager on Confluence Cloud, and today I’m really excited to let the Community know that all customers can now try out the new editing experience and see some of the ...

1,171 views 69 8
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you