We have installed HipChat data center but there are no documentation on how to install SSL certificate and the previous version of documentation does not work as there are no such menus in the Data Center version.
Where can i read about installing the certificate?
Unlike HipChat Server, SSL is terminated at the load balancer for HipChat Data Center. Thus, the SSL certificated will be installed in the load balancer as indicated in Deploy HipChat Data Center:
* a load balancer with an SSL certificate for your domain
Additionally, from HipChat Data Center architecture:
a load balancer that directs connections to the HipChat nodes and handles SSL termination
(i) A load balancer is required, even for deployments that only have one HipChat node.
I hope this helps.
I believe that you are referring to the How to configure a basic Nginx reverse proxy for Hipchat Data Center where it is mentioned in the step 3 of the Configure section:
ssl_certificate_keyindicate the location of your SSL certificate and key respectively.
Can you please share what specific SSL issue that you are running into?
The issue was that when accessing hipchat using the url we set for it , it would redirect to the ip address and compalin about the ssl certs. Even after following the steps on the nginx
So this issue for us was solved by modifying the database to use a specific url instead of using the ip address.
Since you mentioned about the modification of database, do you mind sharing which table specifically you made changes to? Are you referring to the configurations table, specifically under the fqdn column?
On my end, I verified that the fqdn was set to use URL that I type in to the web browser to access the web interface of the data center deployment.
Yes I do mean the fqdn column.
In our situation, the certs were self signed. Another solution is to do an import of the certificate ( file should contain the cert and key) to the keystore of the hipchat datacenter server ..
Command hipchat certificates -i <certifcate name>
I'm not following... According to other docs, and to Ahmad's May 2nd comment here:
There is NO "hipchat certificate --import", as the "certificate" namespace DOES NOT EXIST in Hipchat DATACENTER (v3.1.4).
Can you please clarify if you are using Hipchat SERVER (v2.xx) ?? I am looking to import a cert into DATACENTER, but finding this to be unsupported??
Hi there, Jorge.
HipChat Data Center introduces a new way of implementing SSL. Instead of configuring it through the hipchat certificate command, the certificate is to be applied on the load balancer / reverse proxy level as mentioned in the following documentations:
While the command is no longer supported on data center, I suggest you to have the SSL certificate configured on the reverse proxy / load balancer for connections on port 443 to ensure that it is successfully implemented. Can you give that a try and let me know how it works for you?
Thanks, what I was getting at was that Noni's response only applies to Hipchat < v3.x. For Datacenter I am doing a POC and thus we did not setup a load balancer because our production load balancer is not supposed/allowed to point to non-prod hosts.
Eventually, what I found was that the default Hipchat cert is stored in these files, which I overwrote with my own certificate/key (generated via Java keytool):
This allowed me to integrate with our other Atlassian tools. I simply imported the public version of the certificate into the <java>/jre/lib/security/cacerts of the JVM that the Atlassian products run on.
People must keep in mind that there are two ways to setup Atlassian products. One comes shipped with the JRE under <Bamboo/JIRA/Confluence/Bitbucket INSTALL DIR>/jre/ ; the other installation method requires that you provide the Java runtime, usually via JAVA_HOME environment variable.
Sorry for responding late.
I am running version 3.1.1
I realised I wrote -import in my command instead of -i .
So i modified my previous comment.
Remember we have chosen to install hipchat using the small scale deployment guide.
I also added my cert and key into the /hipchat/certs folder.
above is an image showing you my command.
and it is what i use to successfully import my certs.
The cert i imported has the key appended to it.
This is interesting, originally I thought you were using 2.x because when I tried to follow your instructions the problem I encountered is that the 'certificate' option is not available.
But when you posted your screen shot I noticed that you used the plural form "certificateS" which looks like it's an undocumented feature in 3.x.
Please update your original posts to add the "s," at least for posterity.
And in answer to your question as to how I was able to get the new certificate to stick, I have not come across an instance in which it has been overwritten, so I don't know. What I do know is that I created the certificate using 'keytool' and simply replaced the files. They are owned by 'root' so they cannot be removed by the hipchat user. I have restarted the hipchat service, but have not rebooted the machine, so I don't know if there is something in OS startup that would cause replacing the files.
For an unsupported workaround please see my answers. We are doing this because we are in try-out PoC mode and don't want to commit too many resources to the trial. It is working for us with a self-signed cert.
We will be moving to a proper load-balanced/r-proxy solution when we go live in production.
Atlassian Summit is an excellent opportunity for in-person support, training, and networking.Learn more
...from the beginning. We have built up a lot of content in HipChat, with it being a core tool in our distributed company model. While it is true that we didn’t need to move to Slack immediately, we felt it...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs