I've been using a self-signed cert in our Confluence install, but we recently got a wildcard cert for our org and I want to use that instead.
I've seen the GeoTrust instructions but they say you have to use the same keystore used to create your CSR and private key. That's not the case here since it's a generic wildcard cert that originated on another system.
I've tried various sets of generic instructions for importing private keys to a keystore but no success yet.
I was hoping someone else has done this and has some tips or a link to instructions that actually worked for you.
Thanks!
PS: I doubt it matters but our Confluence install is running on CentOS 7.
If possible, I would highly recommend running Confluence behind a reverse proxy like Apache or nginx. My organization is using nginx (installed directly from the nginx repo as we are on CentOS 6), but as you're on CentOS 7 you could make use of Apache 2.4 if you wanted. SSL termination is much much easier in Apache or nginx than using the Java tools.
Here's documentation for Apache:
https://confluence.atlassian.com/display/DOC/Running+Confluence+behind+Apache
The tricky thing is that your connector needs to be updated correctly so that Tomcat writes correct URLs for the reverse proxy. Here's my connector for reference - really the important pieces are proxyName which needs to match the URL you're using, and port up at the top where nginx or Apache should be proxying traffic:
<Connector port="8090" connectionTimeout="20000" redirectPort="8443" maxThreads="200" minSpareThreads="10" enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8" protocol="HTTP/1.1" scheme="https" proxyName="wiki.domain.com" proxyPort="443"/>
Thanks, I am much more familiar with Apache config than this Tomcat/Java stuff so that looks doable. I'll give it a shot later today and let you know how it goes.
Daniel, this worked out just fine. I removed the SSL config from Confluence itself, re-enabled port 8090, firewalled that away from everyone but the loopback interface, and then set up the Apache proxy to respond on port 8443 instead. It took a little time to get just the right combination of settings but it did work and all appears well so far! *knock on wood* Thank you!
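An added example, not part of the original thread: an Apache 2.4 virtual host matching the setup described above, with TLS terminated on port 8443 and Confluence reached on port 8090 over the loopback interface. The certificate and key paths are assumed placeholders, and the hostname reuses wiki.domain.com from the connector example.

```apache
# Constructed example: file paths below are placeholders, not values from the thread.
# Requires mod_ssl, mod_proxy and mod_proxy_http to be loaded.
# If ssl.conf already declares "Listen 8443", drop the line below.
Listen 8443

<VirtualHost *:8443>
    # Must match proxyName in the Tomcat <Connector>.
    ServerName wiki.domain.com

    # TLS terminates here, so the wildcard certificate and its private key
    # stay as PEM files and never need to be imported into a Java keystore.
    SSLEngine on
    SSLCertificateFile      /etc/pki/tls/certs/wildcard.example.crt
    # Keep the key readable by root only (mode 0600).
    SSLCertificateKeyFile   /etc/pki/tls/private/wildcard.example.key
    # Intermediate chain supplied by the CA.
    SSLCertificateChainFile /etc/pki/tls/certs/wildcard.example-chain.crt

    # Reverse proxy only; never act as a forward proxy.
    ProxyRequests Off
    # Pass the original Host header through to Tomcat.
    ProxyPreserveHost On

    # Confluence listens in plain HTTP on 8090; target loopback explicitly
    # so the backend hop never leaves the host.
    ProxyPass        / http://127.0.0.1:8090/
    ProxyPassReverse / http://127.0.0.1:8090/
</VirtualHost>
```

With Apache listening on 8443, the connector's proxyPort has to be 8443 rather than the 443 shown in the connector example, because Tomcat builds the URLs it writes from scheme, proxyName and proxyPort.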
Exactly... (and technically it's already running https, I just want to use our 'real' cert which was already created outside of the local keystore.)
Is the reason behind importing the certificate so you can run Confluence on HTTPS?