My site is: www.affinex.net
SSL certificate has been installed.
I am getting errors and I couldn't get JIRA to work under SSL. For now, the installation is completed, I am able to run JIRA on port 8080, however I couldn't get it to run on HTTPS.
I have uncommented the SSL section of conf/server.xml (refer to attachment)
I am getting a keytool error message from the Command Prompt: (refer to attachment)
keytool error: java.io.FileNotFoundException: www_affinex_net.crt <The system cannot find the file specified>
I have checked the directory and path, everything is correct.
Yes I did. Right click and "run as administrator". Thanks for the reminder though.
Not sure if this matters or not, but did you run the cmd window under administrator's rights?
Check that the files and directories are read/write enabled for your user on both
1. The current one with the .crt file in it
2. The place where keytool will be keeping the certificate store
Where is your certificate store?
Can you run the keytool commands with the -v flag for more info?
Refer to attachment. The crt file is stored at this directory: C:\Program Files\Atlassian\JIRA\jre\bin\keytool
How do I run the keytool cmd with the -v flag? Please enlighten. Thanks Nic!
Checked all folders are read/write enabled. Error is still there.
Please refer to printscreen for folder permission. Modified enabled.
I'm not familiar with where Windows JVMs might default the keytools to, or what the grey ticks in the permissions mean (is it ok that "read" is greyed out for your user?)
With keytool, add the -v as a parameter - instead of "keytool -import ...", try "keytool -v -import ..."
Greyed out means it's enabled by default. Attached picture is the v flag, please advise.
Mmm, ok, that's not a huge amount of help, sorry. Worth a try, but it's a plain "file you're talking about is not there" error, rather than something obscure.
Simple fact is, the keytool program is not finding the .crt file (it might not be able to open the keystore, but as you're entering a password and it's accepting it, I doubt that's it). It looks like the file isn't in the current directory. Could you try these two commands, in the current directory that you're running keytool from:
dir *.crt
attrib *.crt
(By the way - screenshots are not needed, the plain text of the command window is much nicer)
Could it be the password?
I entered "changit" for both passwords: the keystore password and the new password. How do I check whether I set up the keystore properly and what the password is?
The whole point of the password is that it can't be extracted! To check it just try "keytool -list", which will ask you for it and if you get it right, it will list your imported certificates.
I suspect this is not the issue though, it's the fact it can't find your .crt file.
Error message as below:
C:\Users\Administrator>"C:\Program Files\Atlassian\JIRA\jre\bin\keytool" -list
keytool error: java.lang.Exception: Keystore file does not exist: C:\Users\Administrator\.keystore
C:\Users\Administrator>
Well, that answers that then. You haven't created a keystore, so the system can't find it when you're running the command to add the certificate.
Note - you probably don't want to create one for the admin user - you probably want it for the user that Jira will be running as.
I know this might sound very stupid. But how do I create a keystore for a user? Can you direct me to a link or something?
Thanks Nic!
Run the keytool program as that user.
http://docs.oracle.com/javase/6/docs/technotes/tools/ and look under "security tools" section
I tried creating the keystore with the -genkeypair command but more error messages came out:
C:\Program Files\Atlassian\JIRA\jre\bin>-genkeypair
'-genkeypair' is not recognized as an internal or external command,
operable program or batch file.
C:\Program Files\Atlassian\JIRA\jre\bin>-genkeypair {-alias alias} {-keyalg keyalg} {-keysize keysize} {-sigalg sigalg} [-dname dname] [-keypass keypass] {-validity valdays} {-storetype storetype} {-keystore keystore} [-storepass storepass] {-providerClass provider_class_name {-providerArg provider_arg}} {-v} {-protected} {-Jjavaoption}
'-genkeypair' is not recognized as an internal or external command,
operable program or batch file.
C:\Program Files\Atlassian\JIRA\jre\bin>-genkey
'-genkey' is not recognized as an internal or external command,
operable program or batch file.
C:\Program Files\Atlassian\JIRA\jre\bin>-genkeypair
'-genkeypair' is not recognized as an internal or external command,
operable program or batch file.
C:\Program Files\Atlassian\JIRA\jre\bin>-keystore
'-keystore' is not recognized as an internal or external command,
operable program or batch file.
C:\Program Files\Atlassian\JIRA\jre\bin>-keystore keystore
'-keystore' is not recognized as an internal or external command,
operable program or batch file.
C:\Program Files\Atlassian\JIRA\jre\bin>
Don't know. How have you configured it? What do you mean "can't run it with https"?
I have added the keystore as below, but I still can't run JIRA with HTTPS. What's the next step?
C:\Program Files\Atlassian\JIRA\jre\bin>keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: Daniel Ong
What is the name of your organizational unit?
[Unknown]: Cloud
What is the name of your organization?
[Unknown]: Dossologic
What is the name of your City or Locality?
[Unknown]: Singapore
What is the name of your State or Province?
[Unknown]: Singapore
What is the two-letter country code for this unit?
[Unknown]: SG
Is CN=Daniel Ong, OU=Cloud, O=Dossologic, L=Singapore, ST=Singapore, C=SG correct?
[no]: YES
Enter key password for <mydomain>
(RETURN if same as keystore password):
C:\Program Files\Atlassian\JIRA\jre\bin>keytool -v
Usage error: no command provided
Try keytool -help
C:\Program Files\Atlassian\JIRA\jre\bin>keytool -import -trustcacerts -alias root -file www_affinex_net.crt -keystore keystore.jks
Enter keystore password:
Owner: CN=www.affinex.net, OU=EssentialSSL, OU=Hosted by Tucows, OU=Domain Control Validated
Issuer: CN=EssentialSSL CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
Serial number: 1a4eea1d8877139b6571378cc308b0e3
Valid from: Tue Aug 28 08:00:00 SGT 2012 until: Thu Aug 29 07:59:59 SGT 2013
Certificate fingerprints:
MD5: B6:DA:FD:A5:58:63:9C:18:30:55:DE:20:BD:82:A9:CB
SHA1: 93:B6:07:E8:3D:62:6F:A3:2D:8C:52:2B:21:12:3D:AA:E8:36:A8:6A
Signature algorithm name: SHA1withRSA
Version: 3
Trust this certificate? [no]: YES
Certificate was added to keystore
printcert check:
C:\Program Files\Atlassian\JIRA\jre\bin>keytool -list -v -keystore keystore.jks
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
Alias name: root
Creation date: Sep 18, 2012
Entry type: trustedCertEntry
Owner: CN=www.affinex.net, OU=EssentialSSL, OU=Hosted by Tucows, OU=Domain Control Validated
Issuer: CN=EssentialSSL CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
Serial number: 1a4eea1d8877139b6571378cc308b0e3
Valid from: Tue Aug 28 08:00:00 SGT 2012 until: Thu Aug 29 07:59:59 SGT 2013
Certificate fingerprints:
MD5: B6:DA:FD:A5:58:63:9C:18:30:55:DE:20:BD:82:A9:CB
SHA1: 93:B6:07:E8:3D:62:6F:A3:2D:8C:52:2B:21:12:3D:AA:E8:36:A8:6A
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: F9 BE 85 5E 55 CE E8 6E FA EB EB 1A EF 97 FC E5 ...^U..n........
0010: A6 19 0A 4C ...L
]
]
#4: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: 1.3.6.1.5.5.7.48.2
accessLocation: URIName: http://crt.comodoca.com/EssentialSSLCA_2.crt,
accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://ocsp.comodoca.com]
]
#5: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.comodoca.com/EssentialSSLCA.crl]
]]
#6: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [1.3.6.1.4.1.6449.1.2.2.7]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1D 68 74 74 70 73 3A 2F 2F 73 65 63 75 72 65 ..https://secure
0010: 2E 63 6F 6D 6F 64 6F 2E 63 6F 6D 2F 43 50 53 .comodo.com/CPS
]] ]
]
I want to run JIRA with SSL. For example, right now I am able to run JIRA on port 8080. e.g. www.affinex.net:8080 but I couldn't get it to run on a secure port e.g. HTTPS://www.affinex.net:8443
I am not too sure how to make this configuration.
Thanks Nic.
Yes, I understand that you want to access it via SSL (which implies https unless you're doing something unusual, but is NOT the same thing as SSL), but I'm afraid I'm not grasping the details. My main client uses certificates to access Jira (bypassing logins) and the system needs a certificate to get to confluence, source control and other places it's integrated with, so I'm probably just getting confused.
If it is just allowing (and requiring) access via https, then please work through https://confluence.atlassian.com/display/JIRA/Running+JIRA+over+SSL+or+HTTPS and tell us where you're getting stuck there.
Okay, now I am stuck at the configuration tool. I have tried running config.bat but to no avail. Any ideas?
I have java running.
Not really, because I don't know what you're doing. What does "stuck at the configuration tool" mean? Running config.bat - so? What does it do? What's the error?
Have you read and followed the document I referred to? Where are you stuck in that?
I apologize for being vague. What I meant was, I couldn't run the configuration tool. I understand I need it to configure JIRA to run using the HTTPS port. But I tried running (double-clicking and cmd run) config.bat in the JIRA bin sub-directory but I just couldn't get the configuration tool to run.
Hope I clarified. Thanks.
Stuck = couldn't get it to run = clicked and nothing happened.
Nice one with the penguins though.
mmm, that doesn't tell us any more - "I couldn't get it to run" is the same as "stuck".
To reuse my standard car analogy - "I couldn't get the car to move" doesn't tell us if it's not starting on ignition, the petrol tank is empty, it's in a ditch or if it's been trampled into bits by rampaging penguins.
You need to tell us what the symptoms are, error messages and so-on. Tell us where you are stuck in the documentation. More importantly, tell us where you've done something *different* from the documentation - that's probably where you're going wrong. Again, please work through https://confluence.atlassian.com/display/JIRA/Running+JIRA+over+SSL+or+HTTPS and tell us where you're getting stuck there.
I know, it's hard to explain to someone not in front of your screen, but it's just as hard to try to guess your way through without information too.
One of the wonders of running Windows is that it's utterly awful at telling you what's wrong. There IS something happening when you click on whatever you're clicking on, and Windows is failing miserably to tell you anything useful (which means it's not useful as an "operating system" because real ones give you feedback).
Try it on a command line. Take apart the shortcut and work out what it's actually running and run that from a cmd prompt. It should tell you more. Look for the application logs too - they will probably tell you why it's not running, assuming you can find them.
Command prompt gives me this:
C:\Program Files\Atlassian\JIRA\bin>config.bat
The system cannot find the path specified.
C:\Program Files\Atlassian\JIRA\bin>
But the path is valid, the files are valid. This is really mind boggling.
Well, that's the reason why I prefer putting up screenshots but you advised me against it. A picture speaks a thousand words Nic.
The text is fine, it tells you all we need to know.
The path and/or files are definitely not valid, according to the Operating System, and that's the thing that matters (you're now in a situation where you're saying "paint the car yellow" and the Operating system is saying "I have a brush, but there's not actually any car here... um... help")
However, because Windows is not helping a lot, I've got a feeling it might actually be telling you "something inside config.bat is missing". Useless error message, but hey.
Could you try:
Tried running all 3 suggestions. Nothing.
Is there any way I can "re-install" or download the JIRA configuration tool program/files?
Could it be Java?
C:\Program Files\Java\jdk1.6.0_34\bin>java -version
Error occurred during initialization of VM
java/lang/ClassNotFoundException: error in opening JAR file C:\Program Files\Java\jdk1.6.0_34\jre\lib\rt.jar
All three of those commands would have given you something, albeit the first two might just be the same error message again.
Your next comment is an excellent idea on testing though and, even better, it does tell us something. Two things actually - first rt.jar is missing from your java install. I'm pretty sure this is a simple consequence of the second point - you are running a JRE, and that won't work - you need a JDK to run Atlassian stuff. Java Runtime Environment and Java Development Kit, before you ask ;-)
It's a bit of a misnomer - when they were first built, a JRE was what goes on a user's machine if they wanted to run a java application, and developers needed a JDK. For many years though, that's simply not true - most applications need stuff in the JDK to run. Nowadays, a JRE is probably more than enough if my Mom wants to run something, but developers, servers, advanced users and even the cat needs a JDK.
Anyway, end rant, could you install a JDK and try again? Make sure it's JDK 1.6 though - Atlassian stuff doesn't work on 1.7 (yet). If you're worried about breaking other stuff, don't, a JDK contains the JRE and most apps won't care that there are extra bits in it.
Thanks Nic for the pointers. I got the configuration tool running, it seems like Java is corrupted. The configuration tool is running after I reinstalled Java.
However, on the webserver tab of the configuration tool, there are only 2 text boxes (HTTP Port and Control port). I can't see profile, keystore, HTTPS and the rest of the text boxes. Refer to picture:
I don't know if the configuration tool supports those options, it might only handle http setup. I'm not familiar with it - never had a client who doesn't need a WAR build for some reason.