I'd like to get some confirmation on the correct steps in renewing our current SSL certificate on Jira Server.
I've looked at these two documents but am not 100% sure.
Can someone confirm these steps, considering we don't run any proxy/reverse proxy, no nginx, Jira running as a service on Apache Tomcat.
1. Generate new CSR from existing keystore alias
2. In our CA(GoDaddy), re-key the cert and download the CA reply, which format to download?
3. Import the root or intermediate CA certificates with Import Trusted Certificate(which is it, or both?)
4. Import the CA Reply(the .crt file?)
5. Tools > Keystore Report to confirm?
6. Restart Jira instance
I forgot to answer the question from step 3.
Ideally, it would be best to import both Intermediate and Root CA into the cacerts file.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@Artur Moura, to clarify, you suggest to import intermediate and root in CA, then combine them with a PEM into a single PFX file to upload into keystore?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi @Jh
The idea is you use the PFX instead of the JKS file you should currently be using. (In this case, into the Java KeyStore configured at the server.xml file)
In both cases, the intermediate and Root CA certificates need to be imported into the Java TrustStore (cacerts file)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.