I have attempted to follow several articles related to applying an existing wildcard SSL certificate to Jira and have been unsuccessful on each attempt. Whether it's using keytool, config.bat, editing the server.xml file, etc..nothing is working.
We have an existing wildcard cert that we would like to apply to Jira, can someone please assist?
The best way to use SSL is with an web proxy in front of JIRA. But as long as you have the private key for your wildcart certificate and the root ca cert, you can import these into a new keystore. This page seems to explain it well by using openssl before using keytool. https://confluence.atlassian.com/kb/how-to-import-an-existing-ssl-certificate-for-use-in-tomcat-838412853.html
After that, you can configure your server.xml to point to that keystore using the regular instructions.
TY. I have tried the method mentioned and will try it again tomorrow morning. My complaint is really with the way the process is structured, in that there are more than few assumptions, it states about 3 times the word "assume".
Any reason this process is not well documented somewhere? It seems as though the resources for this are all over the place. I am currently documenting the process and will share all my information once complete, but I do find this process unnecessarily difficult.
I agree that the Proxy/HTTPS documentation could use improvement, and that there are a lot of assumptions about both the environment and the administrator. But there are also lots of different ways to set this up. It has improved over the past few revisions.
I would also think about looking into a proxy as SSL termination would be handled better by the proxy rather than tomcat. Post again here if you have other issues getting https enabled, and if this works don't forget to hit the "accept as solution" button!
Regarding the prerequisites on the site that you listed, I have a .crt and .pem file, a keystore, and openssl. What file is needed for the CAFile parameter.
So I have a few questions about the command in the link you have provided:
openssl pkcs12 -export -in host.crt -inkey host.crt.pem -out sslcert.jks -name tomcat -CAfile <What and Where is this file?> -caname root
I did some research on this parameter but did not see any concrete working example, or great explanations.
OpenSSL - Command Line Utilities
When I attempt to run the command I get "unable to load private key"
Im not frustrated, just wondering why this process has to be so difficult. I have installed and configured SSL certs, as well as custom development for identity services, and I find this process to be all over the place.
@Josh Steckler Just wanted to let you know that I was able to get this going. I have the process documented, and its actually not as bad as I thought. Took some time to understand keystores a little more, as well as keeping my eyes on the logs.
Just wanted to thank you for your time, I really appreciated that you took some time out of your day to help me out. I will post the entire process on a blog real soon.
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot