I am using Portecle to install a GoDaddy certificate into JIRA. I am using it to create a JKS file for the web server.
I issued the CSR o GoDaddy and got intermediate certs and the site cert back, I split the intermediate bundle as Portecle cannot import groups of certs, it needs them one at a time.
I imported the CA Reply.
When I check the Certificate in the Key Store, it gives me the error:
"The private key could not be found in the key store"
I am following the guide here:
Do I need to somehow derive the private key from the .crt file?
I wouldn't recommend doing it this way. It's a management hassle (as you are learning) and in order to have Jira listen on port 443, you need to run the Java process as root. If a vulnerability allows an attacker to execute arbitrary code, it will run as root and make it easy for someone to compromise your server.
My recommendation would be to set up a reverse proxy server, such as Apache, and point that at Jira running as an unprivileged user on the default 8080 port. When your cert expires, you simply replace the cert and key, then bounce apache. Easy peasy. I hope that helps.
Ok.
I can see the problems w. using JKS files in Tomcat. But even with a self-signed cert (which I would need to do a reverse proxy) the problem is going to be the same.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
It's easy to convert from JKS to PEM format. A variety of methods are discussed on this Stack Overflow post.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.