It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Using CA signed certificate for Confluence


I'm new to confluence (I just heard about  it Friday last week laugh) and I am tasked to install a CA signed certificate to confluence. I found to this guide to be helpful.  I just want to ask a few clarifications. 

  • I already have the CA signed certificate already, (.cer file), should I just simply import this to the keystore and proceed with step 2 on the guide?

Thank you in advance for any response.




2 answers

0 votes
Steven Behnke Community Leader Jan 11, 2016

Yes, if you already have a signed certificate you can skip the self-signed certificate steps.



So I was able to import my certificate to the keystore and gone through steps 2  3 and 4. However, when I tried to access its showing an error:


My server.xml looks like the one below.

<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" SSLEnabled="true"
URIEncoding="UTF-8" keystorePass="mypassword"
keystoreFile="<C:\Program Files\Atlassian\Confluence\jre\lib\security\cacerts>"/>


Am I missing any steps here?


Any response will be much appreciated.





Steven Behnke Community Leader Jan 14, 2016

It'd be better to ask this in a new Question rather than an Answer to your own original question. We'd need more information to help you also. Did you install your own certificate/key combo into the cacerts keystore? That seems weird.

Hello @Steven Behnke,

Thanks for your response.  What I did was simply run the command below.  Should I create a new keystore and import my certificate to the newly created keystore and have my server.xml points to the keystore path? Sorry for the noob question. 




C:\&gt;keytool –import –keystore ..\lib\security\cacerts –alias newcertificate –storepass changeit –noprompt –trustcacerts –file c:\new_certificate.crt


Steven Behnke Community Leader Jan 15, 2016

Okay: The issue here is that you don't understand what you're really doing. Sorry for being so blunt. This isn't easy to explain without knowing more detail about your OS and system information. I'm familiar with the Linux process but the Windows process should be the same.

You need to pair the certificate and the key under an alias in a new keystore. This is how you secure your server! Your server's key PLUS your purchased certificate is your security! When you import your certificate, you need to make sure it trusts your CA Certs file, which you should have already added to or modified with the rest of the trust chain. Alternatively you should be able to import all of the chain into your new keystore, I think.

I don't think that adding all the certificates to the CA Certs file will work at all.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Confluence

2019: All Wrap(ped) Up Like a Present

Hindsight might be 2020 but looking back, a lot of cool new features rolled out in 2019. From new collaboration and organizational powers to fresh templates and handy integrations, it’s been quite th...

245 views 0 7
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you