I've been using a self-signed cert in our Confluence install, but we recently got a wildcard cert for our org and I want to use that instead.
I've see the GeoTrust instructions but they say you have to use the same keystore used to create your CSR and private key. That's not the case here since it's a generic wildcard cert that originated on another system.
I've tried various sets of generic instructions for importing private keys to a keystore but no success yet.
I was hoping someone else has done this and has some tips or a link to instructions that actually worked for you.
PS: I doubt it matters but our Confluence install is running on CentOS 7.
If possible, I would highly recommend running Confluence behind a reverse proxy like Apache or nginx. My organization is using nginx (installed directly from the nginx repo as we are on CentOS 6), but as you're on CentOS 7 you could make use of Apache 2.4 if you wanted. SSL termination is much much easier in Apache or nginx than using the Java tools.
Here's documentation for Apache:
The tricky thing is that your connector needs to be updated correctly so that Tomcat writes correct URLs for the reverse proxy. Here's my connector for reference - really the important pieces are proxyName which needs to match the URL you're using, and port up at the top where nginx or Apache should be proxying traffic:
<Connector port="8090" connectionTimeout="20000" redirectPort="8443" maxThreads="200" minSpareThreads="10" enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8" protocol="HTTP/1.1" scheme="https" proxyName="wiki.domain.com" proxyPort="443"/>
Daniel, this worked out just fine. I removed the SSL config from Confluence itself, re-enabled port 8090, firewalled that away from everyone but the loopback interface, and then set up the Apache proxy to respond on port 8443 instead. It took a little time to get just the right combination of settings but it did work and all appears well so far! *knock on wood* Thank you!
This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.Read more
Hi Community! Kesha (kay-sha) from the Confluence marketing team here! Can you share stories with us on how your non-technical (think Marketing, Sales, HR, legal, etc.) teams are using Confluen...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs