How-To: Jira Server with official Wildcard Certificate (Use or Renew)

Christian Schopf June 5, 2020

I am not deep into Java or Tomcat. I had to renew an expiring certificate, was told to use the company's wildcard cert, and was provided the .pfx with the password and a .crt file.

I looked around; the Atlassian documentation never described exactly what I needed, and community posts failed at some step.

I use the third party app portecle because I like GUI and this is for Windows.

Step 1:
Check your server.xml (by default in C:\Program Files\Atlassian\JIRA\conf) for the alias defined in the https connector. If you search for "port="443"" you should find it pretty quickly. 

<Connector SSLEnabled="true" acceptCount="100" clientAuth="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" keyAlias="tomcat" keystoreFile="C:\Program Files\Atlassian\JIRA\jira.jks" keystorePass="HEREISYOURPASSWORD" keystoreType="JKS" maxHttpHeaderSize="8192" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`&quot;&lt;&gt;" scheme="https" secure="true" sslProtocol="TLS" useBodyEncodingForURI="true"/>

The important information you need there is your password:

keystorePass="HEREISYOURPASSWORD"

the Alias:

keyAlias="tomcat"

and the keystore file location:

keystoreFile="C:\Program Files\Atlassian\JIRA\jira.jks"

 

Step 2:
Make sure you have your wildcard's .crt and .pfx file and the password for it.

Step 3:
Download portecle. The project page is http://portecle.sourceforge.net/
As of today the download can be found here (if this is dead, check the project page for the actual download link)
https://sourceforge.net/projects/portecle/

Step 4:
Stop Jira Service

Step 5:
Back up your actual keystore file (just copy it somewhere or rename it to filename.jks.bak).


Now we are ready to go:

Step 6:
Start portecle by extracting the downloaded zip file and clicking on portecle.jar

Step 7:
File -> New Keystore
Keystore Type: JKS

Step 8: 
Tools -> Import Trusted Certificate
Select the .crt file.
Maybe there is an error which says "Could not establish a trust path for the certificate."
Don't worry and click "OK"
Now it will display the certificate details.
Make sure the CN is the right one. Subject CN should be *.domain.com and "Valid Until" should be in the future ;)
Click OK and accept the certificate as trusted. (Click Yes)

Keep the Alias and click "OK"

Step 9:
Tools -> Import Keypair
Select the .pfx file
Enter the password for your .pfx file and click "OK" in the "Import Key Pair" dialogue.
Now it prompts for the "Key Pair Alias". This must be the Alias from your server.xml

In my case it is "tomcat" (without " ")
Now it will prompt you to enter a new Key Pair Entry Password.
Use the password from your server.xml because otherwise you will have to modify the server.xml.

Step 10:
File -> Save as
It will prompt you to set a new Keystore Password. 
Use the password from your server.xml, otherwise you will have to modify the server.xml again. I had problems using two different passwords for keypair and keystore.
Then save the .jks file
Finally make sure you move the .jks file to the destination specified in the server.xml.
Start the Service and - at least in my case, it worked instantly.
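
A check to run after Step 10 and before starting the service, as an added example that is not part of the original post: it reads the alias, keystore path and password from server.xml and asks keytool whether that alias holds a key pair with an unexpired certificate. The keytool.exe location (the JRE bundled with Jira) and the JIRA_KS_PASS variable name are assumptions.

```powershell
# Added example, not from the original post. Run it while the Jira service is still stopped.
$jiraHome  = 'C:\Program Files\Atlassian\JIRA'           # install path from Step 1
$serverXml = Join-Path $jiraHome 'conf\server.xml'
$keytool   = Join-Path $jiraHome 'jre\bin\keytool.exe'   # assumption: JRE bundled with Jira

# Read the Step 1 values from the HTTPS connector instead of copying them by hand.
[xml]$xml = Get-Content -Raw -LiteralPath $serverXml
$conn = $xml.SelectSingleNode("//Connector[@port='443']")
if (-not $conn) { throw "No Connector with port=443 in $serverXml" }
$alias    = $conn.GetAttribute('keyAlias')
$keystore = $conn.GetAttribute('keystoreFile')
if (-not (Test-Path -LiteralPath $keystore)) { throw "Keystore not found: $keystore" }

# Pass the password through an environment variable (keytool's :env modifier)
# so it does not show up on the command line.
$env:JIRA_KS_PASS = $conn.GetAttribute('keystorePass')
try {
    $ktArgs = @('-J-Duser.language=en', '-list', '-v', '-keystore', $keystore,
                '-storepass:env', 'JIRA_KS_PASS', '-alias', $alias)
    $out = (& $keytool @ktArgs | Out-String)
    if ($LASTEXITCODE -ne 0) { throw "keytool failed (wrong password or alias?):`n$out" }
} finally {
    Remove-Item Env:\JIRA_KS_PASS
}

# The alias must hold the key pair from Step 9, not only the certificate from Step 8.
if ($out -notmatch 'Entry type:\s*PrivateKeyEntry') {
    throw "Alias '$alias' is not a PrivateKeyEntry; Tomcat cannot serve HTTPS from it."
}

# The first Owner / Valid lines belong to the server certificate itself.
if ($out -notmatch 'Owner:\s*(.+)') { throw 'No certificate subject in keytool output.' }
$subject = $Matches[1].Trim()
if ($out -notmatch 'until:\s*\w{3} (\w{3}) (\d{2}) ([\d:]{8}) \S+ (\d{4})') {
    throw 'Could not read the expiry date from keytool output.'
}
$expires = [datetime]::ParseExact("$($Matches[1]) $($Matches[2]) $($Matches[4]) $($Matches[3])",
    'MMM dd yyyy HH:mm:ss', [cultureinfo]::InvariantCulture)   # time zone ignored
if ($expires -lt (Get-Date)) { throw "Certificate expired on $expires" }

"OK: alias '$alias' in $keystore is a key pair for [$subject], valid until $expires"
```

The script only checks the keystore password, the entry type, the subject and the expiry date; it does not test a separate key pair password.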

 

 

 

 

3 answers

1 accepted

1 vote
Answer accepted
Christian Schopf June 5, 2020

Well, that's it

0 votes
Calvin Nelms January 13, 2022

Thanks for this article, huge help. 

0 votes
Sateesh Kumar Sahoo August 10, 2020

I really appreciate the article. It did the trick.
