Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How-To: Jira Server with official Wildcard Certificate (Use or Renew)

I am not deep into Java or Tomcat. I had to renew an expiring certificate and was told to use the companies wildcard cert and was provided the .pfx the with the password and a .crt file.

I looked around, the atlassian documentations never described exactly what I needed and community posts failed at some step.

I use the third party app portecle because I like GUI and this is for Windows.

Step 1:
Check your server.xml (by default in C:\Program Files\Atlassian\JIRA\conf) for the alias defined in the https connector. If you search for "port="443"" you should find it pretty quickly. 

<Connector SSLEnabled="true" acceptCount="100" clientAuth="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" keyAlias="tomcat" keystoreFile="C:\Program Files\Atlassian\JIRA\jira.jks" keystorePass="HEREISYOURPASSWORD" keystoreType="JKS" maxHttpHeaderSize="8192" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`&quot;&lt;&gt;" scheme="https" secure="true" sslProtocol="TLS" useBodyEncodingForURI="true"/>

 There the important information you need is your password:


the Alias:


and the keystore file location:

keystoreFile="C:\Program Files\Atlassian\JIRA\jira.jks"


Step 2:
Make sure you have your wildcard's .crt and .pfx file and the password for it.

Step 3:
Download portecle. The project page is
As of today the download can be found here (if this is dead, check the project page for the actual download link)

Step 4:
Stop Jira Service

Step 5:
Backup your actual keystore file. (just copy it somewhere or rename it in filename.jks.bak

Now we are ready to go:

Step 6:
Start portecle by extracting the downloaded zip file and clicking on portecle.jar

Step 7:
File -> New Keystore
Keystore Type: JKS

Step 8: 
Tools -> Import Trusted Certificate
Select the .crt file.
Maybe there is an error which says "Could not establish a ttrust path for the certificate."
Don't worry and click "OK"
Now it will display the certificate details.
Make sure the CN you got the right one. Subject CN should be * and "Valid Until" should be in the future ;)
Click OK and accept the certificate as trusted. (Click Yes)

Keep the Alias and click "OK"

Step 9:
Tools -> Import Keypair
Select the .pfx file
Enter the password for your .pfx file and click "OK" in the "Import Key Pair" dialogue.
Now it prompts for the "Key Pair Alias". This must be the Alias from your server.xml

In my case it is "tomcat" (without " ")
Now it will prompt you to enter a new Key Pair Entry Password.
Use the password from your server.xml because otherwise you will have to modify the server.xml.

Step 10:
File -> Save as
It will prompt you to set a new Keystore Password. 
Use the password from your server.xml otherwise you will have to modify the server.xml again. I had problems using two differen passwords for keypair and keystore.
Then save the .jks file
Finally make sure you move the .jks file to the destination specified in the server.xml.
Start the Service and - at least in my case, it worked instantly.





3 answers

1 accepted

1 vote
Answer accepted

Well, that's it

0 votes

Thanks for this article, huge help. 

I really appreciate the article. It did the trick.

Suggest an answer

Log in or Sign up to answer

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you