I am hoping that someone can help me out. I am trying to follow this guide
To get Jira working over SSL, I have already received my cert (and tried re-keying it after the first failure).
Following this guide at least 6 times, I fail every time I get to this step:
Verify the certificate exists within the keystore.
jira -keystore <JIRA_HOME>
This must be a PrivateKeyEntry; if it is not, the certificate setup has not successfully completed.
No matter what I try, I always receive this output
jira, Jun 21, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): E3:97:CC:BE:ED:88:F7:C5:E4:EE:B0:AF:5F:DD:D4:0D:F8:96:FC:36
Can anyone point me in the right direction?
I appreciate any help that can be provided
I found that Atlassian's documentation was wrong/confusing. Instead I followed a combination of GoDaddy, Jira and Confluence documentation to get this working.
I can't guarantee this is 100% the best way to achieve the results, but for anyone struggling with this in the future, here is what I did.
In order to get Jira or Confluence working over SSL with a GoDaddy SSL cert, there are a few things to note.
To begin, generate your CSR:
openssl req -new -newkey rsa:2048 -nodes -keyout subdomain.example.com.key -out subdomain.example.com.csr
Move your key to /etc/pki/tls/private
mv subdomain.example.com.key /etc/pki/tls/private/
After you receive the certs from GoDaddy they will look something like this
It's best to rename the public cert to match your website (i.e. subdomain.example.com)
After you have put the files in place (for example /etc/pki/tls/certs), use keytool to create a self-signed cert for Tomcat (because in this case Apache is going to be serving the commercial SSL cert):
mv 2b128c4eff80ed.crt /etc/pki/tls/certs/subdomain.example.com.crt
mv gd_bundle.crt /etc/pki/tls/certs/jira.crt
mv gd_intermediate.crt /etc/pki/tls/certs/jira_intermediate.crt
keytool -genkeypair -alias tomcat -keyalg RSA
The last few steps involve editing Jira/Confluence's server.xml and setting up Apache's ssl.conf. Comment out the default connector, and uncomment the connector which has "8443" as the port:
<Service name="Catalina">
    <!--
    <Connector port="8080"
               maxThreads="150"
               minSpareThreads="25"
               connectionTimeout="20000"
               enableLookups="false"
               maxHttpHeaderSize="8192"
               protocol="HTTP/1.1"
               useBodyEncodingForURI="true"
               redirectPort="8443"
               acceptCount="100"
               disableUploadTimeout="true"/>
    -->
    <Connector port="8443"
               protocol="org.apache.coyote.http11.Http11Protocol"
               maxHttpHeaderSize="8192"
               SSLEnabled="true"
               maxThreads="150"
               minSpareThreads="25"
               enableLookups="false"
               disableUploadTimeout="true"
               acceptCount="100"
               scheme="https"
               secure="true"
               clientAuth="false"
               sslProtocol="TLS"
               useBodyEncodingForURI="true"
               keystorePass="xxxx"
               keystoreFile="/etc/pki/tls/private/.keystore"
               proxyName="subdomain.example.com"/>
Finally, adjust the ssl.conf to look something like this:
LoadModule ssl_module modules/mod_ssl.so
Listen 443
NameVirtualHost *:443
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_html_module modules/mod_proxy_html.so
SSLProxyEngine On

<VirtualHost *:443>
    ServerName confluence.example.com
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    ProxyRequests Off
    ProxyPreserveHost On
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyPass / https://localhost:9443/
    ProxyPassReverse / https://localhost:9443/
    <Location />
        Order allow,deny
        Allow from all
    </Location>
</VirtualHost>

<VirtualHost *:443>
    ServerName subdomain.example.com
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile /etc/pki/tls/certs/subdomain.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/subdomain.example.com.key
    ProxyRequests Off
    ProxyPreserveHost On
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyPass / https://localhost:8443/
    ProxyPassReverse / https://localhost:8443/
    <Location />
        Order allow,deny
        Allow from all
    </Location>
</VirtualHost>

<VirtualHost *:443>
    ServerName oc.example.com
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    DocumentRoot /var/www/html/owncloud/
    <Directory /var/www/html/owncloud>
        AllowOverride All
        order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
You should now be able to visit your site via https://subdomain.example.com
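The ssl.conf in the answer above sets `SSLProtocol all -SSLv2` and a cipher string that starts from `ALL`, so every virtual host still accepts SSLv3 and the LOW and RC4 cipher classes. The following is an added example, not part of the original post: a small Python lint that reads the `SSLProtocol` and `SSLCipherSuite` lines per `<VirtualHost>` and reports what they leave enabled. The function names, the expansion assumed for `all`, and the list of classes treated as weak are assumptions of this example; it approximates mod_ssl/OpenSSL parsing and ignores server-level directives outside a virtual host.

```python
ALL_PROTOCOLS = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]  # assumed meaning of "all"
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CLASSES = {"ADH", "EXPORT", "LOW", "RC4"}  # cipher classes this example flags

def deprecated_protocols(value):  # tokens apply left to right: all, -all, +X, -X, X
    enabled = []
    for tok in value.split():
        name = tok.lstrip("+-")
        if name.lower() == "all":
            enabled = [] if tok.startswith("-") else list(ALL_PROTOCOLS)
        elif tok.startswith("-"):
            enabled = [p for p in enabled if p != name]
        elif name not in enabled:
            enabled.append(name)
    return [p for p in enabled if p in DEPRECATED]

def weak_cipher_classes(value):  # !X excludes for good, -X removes, +X only reorders
    enabled, killed = set(), set()
    for tok in value.split(":"):
        if tok.startswith(("!", "-")):
            enabled.discard(tok[1:])
            killed |= {tok[1:]} if tok[0] == "!" else set()  # only "!" is permanent
        elif not tok.startswith("+"):
            parts = set(tok.split("+"))  # "RC4+RSA" selects suites in both classes
            enabled |= (WEAK_CLASSES if "ALL" in parts else parts & WEAK_CLASSES) - killed
    return sorted(enabled)

def audit(conf_text):  # returns {ServerName: [findings]} per named <VirtualHost>
    report, findings = {}, []
    for line in conf_text.splitlines():
        key, rest = (line.split(None, 1) + ["", ""])[:2]
        key, rest = key.lower(), rest.strip()
        if key == "<virtualhost":
            findings = []                # start a fresh list for this block
        elif key == "servername":
            report[rest] = findings      # same list object, filled as lines follow
        elif key == "sslprotocol" and (bad := deprecated_protocols(rest)):
            findings.append("SSLProtocol enables " + ", ".join(bad))
        elif key == "sslciphersuite" and (bad := weak_cipher_classes(rest)):
            findings.append("SSLCipherSuite allows " + ", ".join(bad))
    return report

# Constructed sample: one virtual host's TLS directives as posted in the answer.
SAMPLE = """<VirtualHost *:443>
ServerName subdomain.example.com
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
</VirtualHost>"""
print(audit(SAMPLE))
```

A virtual host that uses `SSLProtocol -all +TLSv1.2` with `SSLCipherSuite HIGH:!aNULL:!MD5:!RC4` comes back with an empty findings list.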