Any step by step guide for Replacing expiring SSL Certificates with new ones on Jira? Edited

Hi,

We are running Jira 7.3.1 with Apache 2.4 and MS SQL Server for our Service Desk. We had to enroll and request new certificates with SAN due to the new security and SSL support changes made by Chrome browser. New certificates are ready to be deployed but, I barely remember all those complicated steps to install and configure Jira to run over Apache proxy (SSL). Basically I need a step by step guide to replace my certificates on Apache, then on Jira (portecle and some cacerts store) keystore. Is there a possibility that anyone might have such a guide by any chance?

I would really apreciate any help.

Thanks.

1 answer

This widget could not be displayed.

Hi Ahmet,

The best way to go about replacing the certificates is to use the Advanced configuration section of the Running JIRA Applications over SSL or HTTPS:

To import the root and/or intermediate CA:

<JAVA_HOME>/keytool -import -alias rootCA -keystore <JIRA_HOME>/jira.jks -trustcacerts -file root.crt

To import the signed certificate  provided by the CA:

<JAVA_HOME>/keytool -import -alias jira -keystore <JIRA_HOME>/jira.jks -file jira.crt

To verify the certificate exists within the keystore:

<JAVA_HOME>/keytool -list -alias jira -keystore <JIRA_HOME>/jira.jks

Review the Advanced configuration section of the Running JIRA Applications over SSL or HTTPS for more information.

Cheers,

Branden

Hi Brenden,

I know it's a real very late reply but, it took me like ages to go over on all Atllasian guides. Please don't be offended but, I personally think that Atlassian only made it so complicated with all those so called guides. I was about to bang my head to the walls during this stage. Thanks to the community though. I used Ivar Sonstabo's answer in this post :  https://community.atlassian.com/t5/JIRA-questions/Installing-SSL-in-JIRA/qaq-p/356787 . Just 4 commands to run in Java's keytool. and replace 2 lines where you reference your cert and key file in Apache's httpd.conf file.

 

None of the Atlassian's guides are addressing the issue of 'Replacing the existing or expired certificates on Jira Server' in my opinion.

 

Cheers.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Tuesday in Jira

What modern development practices are at the heart of how your team delivers software?

Hey Community mates! Claire here from the Software Product Marketing team. We all know software development changes rapidly, and it's often tough to keep up. But from our research, we've found the h...

160 views 1 3
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you