Update Expired SSL Certificate in Confluence Server

Sean March 26, 2020

The SSL certificate used in our Confluence Server instance has expired, so I want to update it with the renewed certs.

When I run

`/opt/atlassian/confluence/jre/bin/keytool -import -alias confluence -keystore /opt/atlassian/confluence/conf/file.jks -file bundle.crt`

I get the following error:

`keytool error: java.lang.Exception: Certificate reply does not contain public key for <confluence>`

What am I missing here?

1 answer

Answer accepted
Sean March 27, 2020

I was able to fix this by doing the following:

  1. Create a PFX file using the certificate and the key:
    `openssl pkcs12 -export -out /home/user.name/certs-2020-22.pfx -inkey /home/user.name/new.key -in /home/user.name/new.crt`
  2. Create a new KeyStore (.jks) file using the PFX file we just created:
    `keytool -importkeystore -srckeystore /home/user.name/certs-2020-22.pfx -srcstoretype PKCS12 -srcstorepass add_password -deststorepass add_password -destkeypass add_password -destkeystore /opt/atlassian/confluence/conf/certs-2020-22.jks`
  3. Update the following fields in `server.xml`: keyAlias, keystoreFile, keystorePass
  4. Restart Confluence: `/etc/init.d/confluence restart`
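
A pre-flight check for step 1, as an added example that is not part of the original answer: it confirms that the renewed certificate belongs to the private key and has not expired before the PFX is built, and it sets the keystore alias explicitly with `-name`. The function names, the alias `confluence`, the password and the sample file names are assumptions; the sample certificate is a throwaway generated only for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread). Paths, alias and password are placeholders.

# Succeeds only if the certificate ($1) was issued for the private key ($2).
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    # Both commands print the same PEM public key when the pair matches.
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# build_p12 CERT KEY OUT ALIAS PASSWORD
# Refuses to write the PFX when the pair does not match or the cert is expired.
build_p12() {
    cert_matches_key "$1" "$2" ||
        { echo "certificate and private key do not match" >&2; return 1; }
    # -checkend 0 fails when the certificate has already expired.
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null ||
        { echo "certificate is expired" >&2; return 2; }
    # -name sets the friendlyName, which keytool uses as the entry's alias
    # (the value that goes into keyAlias in server.xml).
    openssl pkcs12 -export -name "$4" -inkey "$2" -in "$1" \
        -out "$3" -passout "pass:$5"
}

# p12_alias FILE PASSWORD: print the alias (friendlyName) stored in the PFX.
p12_alias() {
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null |
        sed -n 's/^ *friendlyName: *//p' | head -n 1
}

# Constructed sample input: a throwaway self-signed certificate with its key
# (new.crt/new.key) and an unrelated key (old.key), written to directory $1.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=wiki.example.test" \
        -keyout "$1/new.key" -out "$1/new.crt" 2>/dev/null
    openssl genrsa -out "$1/old.key" 2048 2>/dev/null
}
```

Run `build_p12 new.crt new.key certs.pfx confluence "$PASSWORD"` in place of the plain `openssl pkcs12 -export` call, then continue with step 2.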
San May 15, 2020

Thank you so much for this. It worked perfectly fine to update the SSL certificate on Confluence and Jira with the new certificate.

Just in case, if someone needs additional info - server.xml is located at the installation folder for Confluence or Jira /conf/server.xml. I used keyAlias = "1" keyStoreFile="path_of_jks_file" and keyStorePass="add_password_value".

Damian Pawski November 12, 2020

Thank you

Worked with JIRA and Confluence.

Damian

Techdsmart June 30, 2021

Hi Guys,

I have followed the above in Jira but whenever I restart, webservice doesn't come up. I get the following error from logs:

An error occurred when performing the Gadget feed URL healthcheck
org.apache.http.conn.ConnectTimeoutException: Connect to xxxxxxxxx.ch:443 [xxxxxxxxxx] failed: Read timed out

I imported both RootCA & Domain wildcard cert to JKS File. I can see both of the aliases when I list using

keytool -list -v -keystore xxxxxxxxxxx.jks

The old cert is expiring soon, so I am seeking to update. When I revert to the old alias related to the old JKS/cert, Jira is able to start. Is there anything I am missing, please? It's been three days and it's like I am giving up.

I will appreciate your help guys.

PS: Jira is running in Docker
