SSL configuration in Confluence

Hello,

I was tasked to configure our confluence server to use our wildcard certificate.  I use this guide as reference https://confluence.atlassian.com/doc/running-confluence-over-ssl-or-https-161203.html. Since I already have  a downloaded certificate. I did not go through all the steps on the guide and proceed with importing the certificate (option2 step 5) using the command below which was successful.

C:\>keytool –import –keystore ..\lib\security\cacerts –alias newcertificate –storepass changeit –noprompt –trustcacerts –file c:\new_certificate.crt

 

I Then proceed with steps 2, 3 and 4. I restarted confluence and tried accessing confluence again using https://confluence.mydomain.com:8443 using chrome now its showing me an error  "ERR_SSL_VERSION_OR_CIPHER_MISMATCH. My  server.xml looks like this:

 

<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" SSLEnabled="true"
URIEncoding="UTF-8" keystorePass="mypassword"
keystoreFile="<C:\Program Files\Atlassian\Confluence\jre\lib\security\cacerts>"/>

Am I missing something here?

 

Thanks in advance for your response.

 

Best!

 

3 answers

This widget could not be displayed.

Hey Lorenze,

Is your keystore locate inside the "cacerts"? Commonly, you need to create a keystore as per that article, and import the certificate inside the keystore, then your keystore path in your server.xml would look like:

keystoreFile="C:\Program Files\Atlassian\Confluence\jre\lib\security\cacerts\.keystore"/>

Can you see that I pointed the .keystore archive? I suggest following again that article so you could create a .keystore and import that certificate in it.

Cheers,

This widget could not be displayed.

@Guilherme Viana [Atlassian]

 

Thanks for your response. Just a quick clarification, I need to remove the certificate that I have imported and go trough the process again on from generating a local certificate until the very end?

 

Thanks,

Lorenze

This widget could not be displayed.

Hello Lorenze:

You need to create Confluence's local keystore (If it does not exist, which I think it does since you have already a

certificate) install it there and also install the certificate in the java cacerts file again make sure the chain and/or

the root CA certficate are installed there since Java uses that file to trust any certificate it encounters. and restart Confluence. Remember that while installing the certifiate in Confluence's local keystore you have to use the original "Alias" that was used when the keystore was created so it integrates correctly into your keystore.

 

Cheers

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Monday in Confluence

Why start from scratch? Introducing four new templates for Confluence Cloud

Hi my Community friends!  For those who don't know me, I'm a product marketer on the Confluence Cloud team - nice to meet you! For those of you who do, you know that I've been all up in your Co...

268 views 2 4
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you