Update Expired SSL Certificate in Confluence Server

The SSL certificate used in our Confluence Server instance has expired, so I want to update it with the renewed certs.

When I run

/opt/atlassian/confluence/jre/bin/keytool -import -alias confluence -keystore /opt/atlassian/confluence/conf/file.jks -file bundle.crt

I get the following error:

keytool error: java.lang.Exception: Certificate reply does not contain public key for <confluence>

What am I missing here?

1 answer

Answer accepted

I was able to fix this by doing the following:

  1. Create a PFX file using the certificate and the key:
    `openssl pkcs12 -export -out /home/user.name/certs-2020-22.pfx -inkey /home/user.name/new.key -in /home/user.name/new.crt`
  2. Create a new KeyStore (.jks) file using the PFX file we just created:
    `keytool -importkeystore -srckeystore /home/user.name/certs-2020-22.pfx -srcstoretype PKCS12 -srcstorepass add_password -deststorepass add_password -destkeypass add_password -destkeystore /opt/atlassian/confluence/conf/certs-2020-22.jks`
  3. Update the following fields in `server.xml`: keyAlias, keystoreFile, keystorePass
  4. Restart Confluence: `/etc/init.d/confluence restart`
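
A pre-flight check for steps 1 and 2, as an added example that is not part of the original answer: keytool raises the error quoted in the question when the certificate's public key does not belong to the private key it is being paired with, so this confirms that the renewed certificate matches the key and is unexpired before the PFX is built. The file names, CN, alias and password below are constructed for the demo.

```shell
#!/bin/sh
# Pre-flight checks for steps 1-2 of the answer above. Added example; all
# file names, the CN and the alias are constructed for the demo.

# Succeeds (0) only if the certificate carries the public key of this private
# key; 1 = mismatch, 2 = a file could not be read or parsed.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the certificate is still valid N days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Step 1 with guards: build the PFX only from a matching, unexpired pair.
# -name sets the friendly name that keytool later uses as the alias; the
# password comes from $PFX_PASS so it stays out of the process list.
build_pfx() {  # usage: build_pfx CERT KEY OUT ALIAS
    cert_matches_key "$1" "$2" || { echo "refusing: $1 was not issued for $2" >&2; return 1; }
    cert_valid_for_days "$1" 0 || { echo "refusing: $1 has expired" >&2; return 1; }
    openssl pkcs12 -export -in "$1" -inkey "$2" -name "$4" -out "$3" -passout env:PFX_PASS
}

# Constructed sample: a 30-day self-signed cert with its key, plus an
# unrelated key standing in for the key pair of the expired certificate.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=wiki.example.test" \
        -keyout "$1/new.key" -out "$1/new.crt" 2>/dev/null
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1/old.key" 2>/dev/null
}

demo() {
    d=$(mktemp -d) && make_sample "$d" || return 1
    PFX_PASS=constructed-demo-password; export PFX_PASS
    build_pfx "$d/new.crt" "$d/old.key" "$d/bad.pfx" confluence || echo "mismatched key rejected"
    build_pfx "$d/new.crt" "$d/new.key" "$d/good.pfx" confluence && echo "PFX written"
    rm -rf "$d"
}
demo
```

After step 2, `keytool -list -v` on the new .jks should show the alias as a `PrivateKeyEntry`, and that alias is the value `keyAlias` in `server.xml` has to name.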

Thank you so much for this. It worked perfectly fine to update the SSL certificate on Confluence and Jira with the new certificate.

Just in case someone needs additional info: server.xml is located in the installation folder for Confluence or Jira, at /conf/server.xml. I used keyAlias = "1" keyStoreFile="path_of_jks_file" and keyStorePass="add_password_value".


Thank you

Worked with JIRA and Confluence.

Damian

Hi Guys,

I have followed the above in Jira, but whenever I restart, the web service doesn't come up. I get the following error from the logs:

An error occurred when performing the Gadget feed URL healthcheck
org.apache.http.conn.ConnectTimeoutException: Connect to xxxxxxxxx.ch:443 [xxxxxxxxxx] failed: Read timed out

I imported both the RootCA and the domain wildcard cert into the JKS file. I can see both of the aliases when I list using

keytool -list -v -keystore xxxxxxxxxxx.jks

The old cert is expiring soon, so I am seeking to update it. When I revert to the old alias related to the old JKS/cert, Jira is able to start. Is there anything I am missing, please? It's been three days and it's like I am giving up.

I will appreciate your help, guys.

PS: Jira is running in Docker
