I'm new to confluence (I just heard about it Friday last week ) and I am tasked to install a CA signed certificate to confluence. I found to this guide https://confluence.atlassian.com/doc/running-confluence-over-ssl-or-https-161203.html to be helpful. I just want to ask a few clarifications.
Thank you in advance for any response.
So I was able to import my certificate to the keystore and gone through steps 2 3 and 4. However, when I tried to access https://confluence.mydomain.com:8443 its showing an error:
My server.xml looks like the one below.
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" SSLEnabled="true"
Am I missing any steps here?
Any response will be much appreciated.
It'd be better to ask this in a new Question rather than an Answer to your own original question. We'd need more information to help you also. Did you install your own certificate/key combo into the cacerts keystore? That seems weird.
Hello @Steven Behnke,
Thanks for your response. What I did was simply run the command below. Should I create a new keystore and import my certificate to the newly created keystore and have my server.xml points to the keystore path? Sorry for the noob question.
C:\>keytool –import –keystore ..\lib\security\cacerts –alias newcertificate –storepass changeit –noprompt –trustcacerts –file c:\new_certificate.crt
Okay: The issue here is that you don't understand what you're really doing. Sorry for being so blunt. This isn't easy to explain without knowing more detail about your OS and system information. I'm familiar with the Linux process but the Windows process should be the same.
You need to pair the certificate and the key under an alias in a new keystore. This is how you secure your server! Your server's key PLUS your purchased certificate is your security! When you import your certificate, you need to make sure it trusts your CA Certs file, which you should have already added to or modified with the rest of the trust chain. Alternatively you should be able to import all of the chain into your new keystore, I think.
I don't think that adding all the certificates to the CA Certs file will work at all.
I attended Atlassian Summit 2019 and learned a lot from the presenters, attendees and knowledgeable Atlassian product managers. The presentations I attended focused on applying Agile, pla...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events