I was tasked to configure our confluence server to use our wildcard certificate. I use this guide as reference https://confluence.atlassian.com/doc/running-confluence-over-ssl-or-https-161203.html. Since I already have a downloaded certificate. I did not go through all the steps on the guide and proceed with importing the certificate (option2 step 5) using the command below which was successful.
C:\>keytool –import –keystore ..\lib\security\cacerts –alias newcertificate –storepass changeit –noprompt –trustcacerts –file c:\new_certificate.crt
I Then proceed with steps 2, 3 and 4. I restarted confluence and tried accessing confluence again using https://confluence.mydomain.com:8443 using chrome now its showing me an error "ERR_SSL_VERSION_OR_CIPHER_MISMATCH. My server.xml looks like this:
<Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" SSLEnabled="true" URIEncoding="UTF-8" keystorePass="mypassword" keystoreFile="<C:\Program Files\Atlassian\Confluence\jre\lib\security\cacerts>"/>
Am I missing something here?
Thanks in advance for your response.
Is your keystore locate inside the "cacerts"? Commonly, you need to create a keystore as per that article, and import the certificate inside the keystore, then your keystore path in your server.xml would look like:
Can you see that I pointed the .keystore archive? I suggest following again that article so you could create a .keystore and import that certificate in it.
@Guilherme Viana [Atlassian]
Thanks for your response. Just a quick clarification, I need to remove the certificate that I have imported and go trough the process again on from generating a local certificate until the very end?
You need to create Confluence's local keystore (If it does not exist, which I think it does since you have already a
certificate) install it there and also install the certificate in the java cacerts file again make sure the chain and/or
the root CA certficate are installed there since Java uses that file to trust any certificate it encounters. and restart Confluence. Remember that while installing the certifiate in Confluence's local keystore you have to use the original "Alias" that was used when the keystore was created so it integrates correctly into your keystore.
Hi my Community friends! For those who don't know me, I'm a product marketer on the Confluence Cloud team - nice to meet you! For those of you who do, you know that I've been all up in your Co...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs