As per instructions mentioned in https://confluence.atlassian.com/display/JIRA/Running+JIRA+over+SSL+or+HTTPS#RunningJIRAoverSSLorHTTPS-trust
I have created a CSR file and imported to THAWTE for generating a CA file.
Thawte has given me file in X509 format.
As per instrcutions in THAWTE,
I have followed and created a keystore file.
While trying to configire SSL, I am getting this issue ?
Keystore Path (leave blank to exit)> /home/a.b2cops/.keystore Keystore Password> Key Alias> jira The referenced certificate could not be found or accessed. Do you want to try again? ([Y]/N)? >
Please let me know what went wrong ??
Thank you , I have fixed it myself....While running the commands here keytool -import -alias [your_alias_name] -trustcacerts -file X.509_file_name -keystore [keystorename]
keystorename should be the JKS which you have provided before submitting to your CA, whereas I pointed that to new keystore.
This thread was very useful to me in getting our JIRA instance's SSL configured, but it still took a lot of fiddling and forum-crawling. I thought I'd give a rundown of what I needed to go to get it configured in a step-by-step manner, in case it would help anyone else (or if I ever needed to do it again!):
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Sunil,
It seems to me that you've imported the certificate file in a different keystore than the one used by JIRA. I suggest you to repeat all the steps but adding the parameter "-keyfile $JAVA_HOME/jre/lib/security/cacerts" -- please fill the $JAVA_HOME variable according to your system. It will add the certificates on the JAVA-wide keystore.
When you'd finished to add the certificates on the keystore, copy it for $JIRA_INST/conf and set it on the 'Keystore Path' under the JIRA Configuration Tool.
Best regards,
Lucas Timm
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I tried to import onto $JAVA_HOME/jre/lib/security/cacerts and tried to point it
Please select the keystore from the options below. It must contain the certificate and the private key to be used.
[S] The system-wide Java keystore (/cust/soe/opt/jdk/1.6.0-19/jre/lib/security/cacerts)
[U] User-defined location
Keystore> S
Keystore Password>
Key Alias> tomcat
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks! Following all of that worked.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I don't understand the solution you've found here, and seem to be having a similar problem. I submitted my CSR to a CA, received my signed cert, and imported it into the keystore (now twice, under a separate alias):
root@track:/opt/atlassian/jira/jre/bin# ./keytool -import -alias ssl -file /etc/ssl/certs/server.crt -keystore "/opt/atlassian/jira/jre/lib/security/cacerts" Enter keystore password: Certificate already exists in keystore under alias <tomcatcacert> Do you still want to add it? [no]: yes Certificate was added to keystore root@track:/opt/atlassian/jira/jre/bin#
But then when I go back in to config.sh, I get this:
Please select the keystore from the options below. It must contain the certificate and the private key to be used. [S] The system-wide Java keystore (/opt/atlassian/jira/jre/lib/security/cacerts) [U] User-defined location [C] The currently configured (/opt/atlassian/jira/jre/bin/keystore) Keystore> s Keystore Password> Key Alias> ssl The referenced certificate could not be found or accessed. Do you want to try again? ([Y]/N)? > n
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Jon,
You should import server.crt onto keystore which you have generated before submitting it to your CA.
In my case I followed https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO832 and generated keytool -genkey -keysize 2048 -keyalg RSA -alias [Alias name] -keystore [Keystore Name]
So you have to use "[Keystore Name]" instead of any other keystore.
Try again it should work.....
Note:
When you run the below command after your last step , you should see Entry type: PrivateKeyEntry,
Certificate chain length: 3 (depending upon CA certs) and Certificate[1] should be 1
$ keytool -list -v -keystore .kesytore
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: tomcat
Creation date: Mar 15, 2013
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
>>>You should import server.crt onto keystore which you have generated before submitting it to your CA.
If I have sertificate which was created long time ago and keystore where it was genereted doen't exist anymore? How can I use it?
Can't import it, it show me
The referenced certificate could not be found or accessed.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
i assume the keystore you're lookin for is inside jiras installataion directory.
i.e. if defaults are used please have a look at
/opt/atlassian/jira/jre/lib/security/cacerts
this is the keystore jira will use unless you change JAVA_HOME in "$INSTALL/jira/bin/permgen.sh"
what you did is creating a keystore for the current user which was placed in your home directory ->
/home/a.b2cops/.keystore
you could tell jira to use this keystore but i wouldn't do that...
in your shell run sth like
echo $JAVA_HOME
if this differs from
grep "export JAVA_HOME" /opt/atlassian/jira/bin/permgen.sh
you can proceed from there
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
My JAVA_HOME is different from ATlassian inbuilt JRE .....
When I followed the same steps for self signed certificate in QA environment, it worked fine.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
It doesn't matter where the JAVA_HOME come from as long as you use the '-keyfile' parameter pointing to the correct keystore file. Try to copy the /cust/soe/opt/jdk/1.6.0-19/jre/lib/security/cacert file to $JIRA_INST/conf. Also try a 'keytool -list -v -keyfile $JIRA_INST/conf/cacert what is the "Entry Type" for the Tomcat aliased certificate whether it's a PrivateKeyEntry or a TrustedCert.
Best regards,
Lucas Timm
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Please select the keystore from the options below. It must contain the certificate and the private key to be used.
[S] The system-wide Java keystore (/cust/soe/opt/jdk/1.6.0-19/jre/lib/security/cacerts)
[U] User-defined location
Keystore> U
Keystore Path (leave blank to exit)> /cust/atlassian/jira_app1/conf/cacerts
Keystore Password>
Key Alias> tomcat
The referenced certificate could not be found or accessed. Do you want to try again? ([Y]/N)? > N
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you , I have fixed it myself....While running the commands here keytool -import -alias [your_alias_name] -trustcacerts -file X.509_file_name -keystore [keystorename]
keystorename should be the JKS which you have provided before submitting to your CA, whereas I pointed that to new keystore.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.