Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Any step by step guide for Replacing expiring SSL Certificates with new ones on Jira?

Ahmet Özdenek
Ahmet Özdenek July 13, 2017

Hi,

We are running Jira 7.3.1 with Apache 2.4 and MS SQL Server for our Service Desk. We had to enroll and request new certificates with SAN due to the new security and SSL support changes made by Chrome browser. New certificates are ready to be deployed but, I barely remember all those complicated steps to install and configure Jira to run over Apache proxy (SSL). Basically I need a step by step guide to replace my certificates on Apache, then on Jira (portecle and some cacerts store) keystore. Is there a possibility that anyone might have such a guide by any chance?

I would really apreciate any help.

Thanks.

Answer
Watch
Like Be the first to like this
19288 views

1 answer

0 votes
somethingblue
somethingblue
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 18, 2017

Hi Ahmet,

The best way to go about replacing the certificates is to use the Advanced configuration section of the Running JIRA Applications over SSL or HTTPS:

To import the root and/or intermediate CA:

<JAVA_HOME>/keytool -import -alias rootCA -keystore <JIRA_HOME>/jira.jks -trustcacerts -file root.crt

To import the signed certificate  provided by the CA:

<JAVA_HOME>/keytool -import -alias jira -keystore <JIRA_HOME>/jira.jks -file jira.crt

To verify the certificate exists within the keystore:

<JAVA_HOME>/keytool -list -alias jira -keystore <JIRA_HOME>/jira.jks

Review the Advanced configuration section of the Running JIRA Applications over SSL or HTTPS for more information.

Cheers,

Branden

View More Comments
Martin Hairer
Martin Hairer August 23, 2017

...

Like
Ahmet Özdenek
Ahmet Özdenek August 23, 2017

Hi Brenden,

I know it's a real very late reply but, it took me like ages to go over on all Atllasian guides. Please don't be offended but, I personally think that Atlassian only made it so complicated with all those so called guides. I was about to bang my head to the walls during this stage. Thanks to the community though. I used Ivar Sonstabo's answer in this post :  https://community.atlassian.com/t5/JIRA-questions/Installing-SSL-in-JIRA/qaq-p/356787 . Just 4 commands to run in Java's keytool. and replace 2 lines where you reference your cert and key file in Apache's httpd.conf file.

 

None of the Atlassian's guides are addressing the issue of 'Replacing the existing or expired certificates on Jira Server' in my opinion.

 

Cheers.

Like # people like this
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events