I'd like to use the Jira CLI to export a list of issues, but I have trouble connecting to the server. My company issues certificates we have to use when logging on to the web interface of jira, so I exported this certificate, with the private key, using certmgr.msc. I then moved to linux, and imported this certificate into a new keystore file, as follows:
keytool -importkeystore -srckeystore cert.pfx -srcstoretype pkcs12 -destkeystore clientcert.jks -deststoretype JKS
Next, I obtained the public key of the server, by clicking on the padlock in the address bar of Firefox, navigating to "Export...", and then imported the server certificate into a new truststore, as follows:
keytool -import -keystore servercert.jks -file server.crt
Finally, I try using the Jira CLI from the linux commad line as follows:
java -Djavax.net.ssl.trustStore=servercert.jks -Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.ssl.keyStore=clientcert.jks -Djavax.net.ssl.keyStorePassword=changeit -jar ./lib/jira-cli-3.9.0-SNAPSHOT.jar --server https://server --user username --password password --action getIssueList --filter 10000 --file output.txt
This results in the following error message:
Unable to log in to server: https://server/rpc/soap/jirasoapservice-v2 with user: username. Cause: ; nested exception is: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
Any ideas as to what I'm doing wrong?
Found a solution that works for me:
First, export your own certificate and private key into a .pfx file as described above, then use the following commands to split it into separate files for the certificate and the key [1]:
openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes openssl pkcs12 -in certname.pfx -nokeys -out cert.pem
Then follow the excellent description given in Ref. 2, and remember in particular to use the commandline options for keyStoreType and trustStoreType (trustStoreType may be unneccesary, if jks is the default) as listed under Issues/Remarks/Tips at the bottom of the answer.
References:
1: https://wiki.cac.washington.edu/display/infra/Extracting+Certificate+and+Private+Key+Files+from+a+.pfx+File
2: http://stackoverflow.com/questions/1666052/java-https-client-certificate-authentication
Thanks for posting. I will add a link to this answer in the reference.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Key note for those using a .pfx file (usually exported from IIS)
I struggled with this for entirely too long...nowhere in the documentation does Atlassian mention the fix for our scenario. I signed up for an account just to post this-- I hope it saves someone's day.
At the end of Step 1, Certificate Option 2-- on the 'Running Confluence over SSL' links: https://confluence.atlassian.com/doc/running-confluence-over-ssl-or-https-161203.html
don't create a keystore.
In Confluence's server.xml file, where you specify '-srckeystore <MY_PKC12_KEYSTORE_NAME>', enter the path to your .pfx file. That is your srckeystore file. Atlassian, please recognize this and update your documentation. Much love!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Don't know, butHow to deal with https and SSL problems has some other references that may help.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.