Renewing SSL Certificate

Jh May 8, 2023

I'd like to get some confirmation on the correct steps in renewing our current SSL certificate on Jira Server.

I've looked at these two documents but am not 100% sure.

https://confluence.atlassian.com/jirakb/how-to-update-the-ssl-certificate-used-by-jira-1129680381.html

https://confluence.atlassian.com/adminjiraserver/running-jira-applications-over-ssl-or-https-938847764.html

Can someone confirm these steps, considering we don't run any proxy/reverse proxy, no nginx, Jira running as a service on Apache Tomcat.

1. Generate new CSR from existing keystore alias

2. In our CA (GoDaddy), re-key the cert and download the CA reply. Which format to download?


3. Import the root or intermediate CA certificates with Import Trusted Certificate (which is it, or both?)

4. Import the CA Reply (the .crt file?)

5. Tools > Keystore Report to confirm?

6. Restart Jira instance

 

1 answer

0 votes
Artur Moura
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 12, 2023

Hi @Jh

The steps look good. However, if you have a Windows machine, I recommend using a PFX file directly. 

This way made the renewal process way more manageable.

You may use this KB as a reference.

Please let me know your thoughts.

Artur Moura
June 12, 2023

@Jh 

I forgot to answer the question from step 3.

Ideally, it would be best to import both Intermediate and Root CA into the cacerts file.

Jh June 16, 2023

@Artur Moura, to clarify, you suggest to import intermediate and root in CA, then combine them with a PEM into a single PFX file to upload into keystore?

Artur Moura
June 16, 2023

Hi @Jh

The idea is you use the PFX instead of the JKS file you should currently be using. (In this case, into the Java KeyStore configured in the server.xml file)

In both cases, the intermediate and Root CA certificates need to be imported into the Java TrustStore (cacerts file) 
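The steps listed in the question, written out as keytool commands. This is an added example, not part of the original thread or of Atlassian's documentation. The keystore path, alias and file names are placeholders, and import_ca takes the target store as an argument so it can point at the keystore or at the cacerts file the answer mentions.

```shell
#!/usr/bin/env bash
# Added example: placeholder paths, alias and file names; adjust to your install.
KEYSTORE="${KEYSTORE:-/path/to/jira.jks}"  # keystoreFile referenced in server.xml
ALIAS="${ALIAS:-jira}"                     # alias of the existing private-key entry
DRY_RUN="${DRY_RUN:-1}"                    # 1 = print each command, 0 = execute it

# keytool prompts for the store password, so it never lands in shell history.
run() { if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi; }

# Keep a copy of the keystore so a failed import can be rolled back.
backup_keystore() { run cp -p "$KEYSTORE" "$KEYSTORE.bak"; }

# Step 1: CSR from the existing key pair; the private key stays in the keystore.
make_csr() { run keytool -certreq -alias "$ALIAS" -keystore "$KEYSTORE" -file "$1"; }

# Step 3: import a root or intermediate CA certificate as a trusted entry.
# $1 = new alias, $2 = certificate file, $3 = target store (keystore or cacerts).
# keytool displays the fingerprint and asks for confirmation: compare it with
# the value the CA publishes before answering yes.
import_ca() { run keytool -importcert -trustcacerts -alias "$1" -file "$2" -keystore "$3"; }

# Step 4: import the CA reply under the SAME alias as the private key, so
# keytool replaces the old certificate chain instead of adding a new entry.
import_reply() { run keytool -importcert -trustcacerts -alias "$ALIAS" -file "$1" -keystore "$KEYSTORE"; }

# Step 5: show the entry; check the validity dates and the chain length.
show_entry() { run keytool -list -v -alias "$ALIAS" -keystore "$KEYSTORE"; }

renew() {  # $1 = root cert, $2 = intermediate cert, $3 = CA reply
  backup_keystore &&
  import_ca root "$1" "$KEYSTORE" &&
  import_ca intermediate "$2" "$KEYSTORE" &&
  import_reply "$3" &&
  show_entry
}

# Usage: ./renew.sh renew root.crt intermediate.crt reply.crt
if [ "${1:-}" = "renew" ]; then renew "$2" "$3" "$4"; fi
```

With the default DRY_RUN=1 the functions only print the commands; run make_csr first, submit the CSR to the CA, then run renew with the downloaded files and restart Jira.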

Deployment type: Server
Version: 8.22.6