I have attempted to follow several articles related to applying an existing wildcard SSL certificate to Jira and have been unsuccessful on each attempt. Whether it's using keytool, config.bat, editing the server.xml file, etc., nothing is working.
We have an existing wildcard cert that we would like to apply to Jira, can someone please assist?
Thank You!
EC
I got this to work, but how do you import the intermediate certs? Thanks
The best way to use SSL is with a web proxy in front of JIRA. But as long as you have the private key for your wildcard certificate and the root CA cert, you can import these into a new keystore. This page seems to explain it well by using openssl before using keytool. https://confluence.atlassian.com/kb/how-to-import-an-existing-ssl-certificate-for-use-in-tomcat-838412853.html
After that, you can configure your server.xml to point to that keystore using the regular instructions.
TY. I have tried the method mentioned and will try it again tomorrow morning. My complaint is really with the way the process is structured, in that there are more than a few assumptions, it states about 3 times the word "assume".
Any reason this process is not well documented somewhere? It seems as though the resources for this are all over the place. I am currently documenting the process and will share all my information once complete, but I do find this process unnecessarily difficult.
I agree that the Proxy/HTTPS documentation could use improvement, and that there are a lot of assumptions about both the environment and the administrator. But there are also lots of different ways to set this up. It has improved over the past few revisions.
I would also think about looking into a proxy as SSL termination would be handled better by the proxy rather than tomcat. Post again here if you have other issues getting https enabled, and if this works don't forget to hit the "accept as solution" button!
-Josh
What do you think of this link
I tried it and it failed.
Regarding the prerequisites on the site that you listed, I have a .crt and .pem file, a keystore, and openssl. What file is needed for the CAFile parameter?
So I have a few questions about the command in the link you have provided:
openssl pkcs12 -export -in host.crt -inkey host.crt.pem -out sslcert.jks -name tomcat -CAfile <What and Where is this file?> -caname root
I did some research on this parameter but did not see any concrete working example, or great explanations.
OpenSSL - Command Line Utilities
https://wiki.openssl.org/index.php/Command_Line_Utilities
When I attempt to run the command I get "unable to load private key"
I'm not frustrated, just wondering why this process has to be so difficult. I have installed and configured SSL certs, as well as custom development for identity services, and I find this process to be all over the place.
@josh Would you have time to help me out on this? I've tried about 10 different methods and still have yet to get this to work.
Any assistance is appreciated. TY!
You need to find your Certificate Authority root certificate and any intermediate certs. You can email me:
firstname_lastname at bose .com
Nope. Don't make the subject just "test" - spam filter doesn't like that.
Made an image of it:
@josh Just wanted to let you know that I was able to get this going. I have the process documented, and it's actually not as bad as I thought. Took some time to understand keystores a little more, as well as keeping my eyes on the logs.
Just wanted to thank you for your time, I really appreciated that you took some time out of your day to help me out. I will post the entire process on a blog real soon.
Hello @Eric Criniere,
I have the same problem that you talk about in this post. Can you share your process?
I tried several methods and I still have the same problem.
Do not hesitate if you have any questions.
Thanks
Here are some of the steps of what I did to get it working:
* Wildcard exported as a .pfx with private key as exportable
* Created a java keystore
* Merge .pfx and java keystore using the command below:
** keytool -importkeystore -srckeystore "<.pfx location>" -srcstoretype pkcs12 -srcalias "<{d71...}>" -destkeystore "<tomcat-keystore.jks>" -deststoretype jks -deststorepass "< java keystore pw>" -destalias tomcat -srcstorepass "pfx store pw"
* Update server.xml with the java keystore information
My issue with this approach is that the password in the server.xml is not encrypted.
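The steps above and the earlier -CAfile question, worked through as an added example (not code from this thread or from Atlassian): the CA file is the intermediate and root certificates concatenated in PEM, and the private key is checked against the certificate before export. The function names, file names, password and the example.test PKI are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. The example.test PKI, file names and passwords are constructed.
set -eu

# SHA-256 of the public key inside a certificate or a private key file.
cert_pub_hash() { openssl x509 -in "$1" -noout -pubkey | openssl sha256 | awk '{print $NF}'; }
key_pub_hash() { openssl pkey -in "$1" -pubout 2>/dev/null | openssl sha256 | awk '{print $NF}'; }

# build_p12 CERT KEY CA_BUNDLE OUT PASS
# Refuses a key that does not pair with the cert, then exports leaf + chain.
# CA_BUNDLE is what -CAfile wants: intermediate(s) and root, PEM, concatenated.
build_p12() {
  [ "$(cert_pub_hash "$1")" = "$(key_pub_hash "$2")" ] ||
    { echo "private key does not match certificate" >&2; return 1; }
  openssl pkcs12 -export -in "$1" -inkey "$2" -chain -CAfile "$3" \
    -name tomcat -out "$4" -passout "pass:$5"
}

# Certificates stored in the PKCS#12: 1 means the chain is missing.
p12_cert_count() {
  openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

# The keytool step from the post: p12_to_jks P12 P12_PASS JKS JKS_PASS
p12_to_jks() {
  keytool -importkeystore -srckeystore "$1" -srcstoretype pkcs12 -srcstorepass "$2" \
    -srcalias tomcat -destkeystore "$3" -deststoretype jks -deststorepass "$4" -destalias tomcat
}

# Throwaway PKI for a dry run: demo-root -> demo-int -> demo-leaf (*.example.test)
make_demo_pki() {
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  printf 'subjectAltName=DNS:*.example.test\n' > "$d/leaf.ext"
  for n in root int leaf; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
  done
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -extfile "$d/ca.ext" \
    -days 2 -out "$d/root.crt" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.ext" -days 2 -out "$d/int.crt" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
    -CAcreateserial -extfile "$d/leaf.ext" -days 2 -out "$d/leaf.crt" 2>/dev/null
  cat "$d/int.crt" "$d/root.crt" > "$d/chain.pem"
}
```

With real files, call `build_p12` with the wildcard certificate, its key and the CA bundle, then `p12_to_jks` on the result. A count of 1 from `p12_cert_count` means only the leaf was stored, so clients that do not already hold the intermediate will fail to validate the server.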