Using CA signed certificate for Confluence

Hello, 

I'm new to confluence (I just heard about  it Friday last week laugh) and I am tasked to install a CA signed certificate to confluence. I found to this guide https://confluence.atlassian.com/doc/running-confluence-over-ssl-or-https-161203.html to be helpful.  I just want to ask a few clarifications. 

  • I already have the CA signed certificate already, (.cer file), should I just simply import this to the keystore and proceed with step 2 on the guide?

Thank you in advance for any response.

 

Best,

Renz

2 answers

0 vote
Steven Behnke Community Champion Jan 11, 2016

Yes, if you already have a signed certificate you can skip the self-signed certificate steps.

Hi,

 

So I was able to import my certificate to the keystore and gone through steps 2  3 and 4. However, when I tried to access https://confluence.mydomain.com:8443 its showing an error:

"ERR_SSL_VERSION_OR_CIPHER_MISMATCH. 

My server.xml looks like the one below.

<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" SSLEnabled="true"
URIEncoding="UTF-8" keystorePass="mypassword"
keystoreFile="<C:\Program Files\Atlassian\Confluence\jre\lib\security\cacerts>"/>

 

Am I missing any steps here?

 

Any response will be much appreciated.

 

Thanks,

renz

 

Steven Behnke Community Champion Jan 14, 2016

It'd be better to ask this in a new Question rather than an Answer to your own original question. We'd need more information to help you also. Did you install your own certificate/key combo into the cacerts keystore? That seems weird.

Hello @Steven Behnke,

Thanks for your response.  What I did was simply run the command below.  Should I create a new keystore and import my certificate to the newly created keystore and have my server.xml points to the keystore path? Sorry for the noob question. 

 

Thanks

 

C:\&gt;keytool –import –keystore ..\lib\security\cacerts –alias newcertificate –storepass changeit –noprompt –trustcacerts –file c:\new_certificate.crt

 


Steven Behnke Community Champion Jan 15, 2016

Okay: The issue here is that you don't understand what you're really doing. Sorry for being so blunt. This isn't easy to explain without knowing more detail about your OS and system information. I'm familiar with the Linux process but the Windows process should be the same.

You need to pair the certificate and the key under an alias in a new keystore. This is how you secure your server! Your server's key PLUS your purchased certificate is your security! When you import your certificate, you need to make sure it trusts your CA Certs file, which you should have already added to or modified with the rest of the trust chain. Alternatively you should be able to import all of the chain into your new keystore, I think.

I don't think that adding all the certificates to the CA Certs file will work at all.

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Kesha Thillainayagam
Posted Apr 13, 2018 in Confluence

We want to hear how your non-technical teams are using Confluence!

Hi Community! Kesha (kay-sha) from the Confluence marketing team here! Can you share stories with us on how your non-technical (think Marketing, Sales, HR, legal, etc.) teams are using Confluen...

385 views 21 10
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you