Hi,
We are running Jira 7.3.1 with Apache 2.4 and MS SQL Server for our Service Desk. We had to enroll and request new certificates with SAN due to the new security and SSL support changes made by Chrome browser. New certificates are ready to be deployed but, I barely remember all those complicated steps to install and configure Jira to run over Apache proxy (SSL). Basically I need a step by step guide to replace my certificates on Apache, then on Jira (portecle and some cacerts store) keystore. Is there a possibility that anyone might have such a guide by any chance?
I would really apreciate any help.
Thanks.
Hi Ahmet,
The best way to go about replacing the certificates is to use the Advanced configuration section of the Running JIRA Applications over SSL or HTTPS:
To import the root and/or intermediate CA:
<JAVA_HOME>/keytool -import -alias rootCA -keystore <JIRA_HOME>/jira.jks -trustcacerts -file root.crt
To import the signed certificate provided by the CA:
<JAVA_HOME>/keytool -import -alias jira -keystore <JIRA_HOME>/jira.jks -file jira.crt
To verify the certificate exists within the keystore:
<JAVA_HOME>/keytool -list -alias jira -keystore <JIRA_HOME>/jira.jks
Review the Advanced configuration section of the Running JIRA Applications over SSL or HTTPS for more information.
Cheers,
Branden
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Brenden,
I know it's a real very late reply but, it took me like ages to go over on all Atllasian guides. Please don't be offended but, I personally think that Atlassian only made it so complicated with all those so called guides. I was about to bang my head to the walls during this stage. Thanks to the community though. I used Ivar Sonstabo's answer in this post : https://community.atlassian.com/t5/JIRA-questions/Installing-SSL-in-JIRA/qaq-p/356787 . Just 4 commands to run in Java's keytool. and replace 2 lines where you reference your cert and key file in Apache's httpd.conf file.
None of the Atlassian's guides are addressing the issue of 'Replacing the existing or expired certificates on Jira Server' in my opinion.
Cheers.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.