I'm new to confluence (I just heard about it Friday last week ) and I am tasked to install a CA signed certificate to confluence. I found to this guide https://confluence.atlassian.com/doc/running-confluence-over-ssl-or-https-161203.html to be helpful. I just want to ask a few clarifications.
Thank you in advance for any response.
So I was able to import my certificate to the keystore and gone through steps 2 3 and 4. However, when I tried to access https://confluence.mydomain.com:8443 its showing an error:
My server.xml looks like the one below.
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" SSLEnabled="true"
Am I missing any steps here?
Any response will be much appreciated.
Hello @Steven Behnke,
Thanks for your response. What I did was simply run the command below. Should I create a new keystore and import my certificate to the newly created keystore and have my server.xml points to the keystore path? Sorry for the noob question.
C:\>keytool –import –keystore ..\lib\security\cacerts –alias newcertificate –storepass changeit –noprompt –trustcacerts –file c:\new_certificate.crt
Okay: The issue here is that you don't understand what you're really doing. Sorry for being so blunt. This isn't easy to explain without knowing more detail about your OS and system information. I'm familiar with the Linux process but the Windows process should be the same.
You need to pair the certificate and the key under an alias in a new keystore. This is how you secure your server! Your server's key PLUS your purchased certificate is your security! When you import your certificate, you need to make sure it trusts your CA Certs file, which you should have already added to or modified with the rest of the trust chain. Alternatively you should be able to import all of the chain into your new keystore, I think.
I don't think that adding all the certificates to the CA Certs file will work at all.
Two vulnerabilities have been published for Confluence Server and Data Center recently: March 20, 2019 CVE-2019-3395 / CVE-2019-3396 April 17, 2019 CVE-2019-3398 The goal of this article is...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs