Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Replace BitBucket SSL certificate

Gaurav Gundal
Gaurav Gundal April 11, 2018

What is the process to replace the current ssl certificate with new one?

I have .pfx file . I can convert to pem using below command.

openssl pkcs12 -in file.pfx -out file.nokey.pem -nokeys
openssl pkcs12 -in file.pfx -out file.withkey.pem
openssl rsa -in file.withkey.pem -out file.key
cat file.nokey.pem file.key > file.combo.pem

I am not sure about the jks file that is required and mentioned in the config. Do I need to create them ? if yes what are the steps.

 

FInd the JKS as mentioned here * To configure HTTPS-only access to Bitbucket Server

https://confluence.atlassian.com/bitbucketserver/securing-bitbucket-server-with-tomcat-using-ssl-776640127.html

 

Answer
Watch
Like Be the first to like this
5346 views

1 answer

0 votes
Lonnie
Lonnie
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 11, 2018

Hello Gaurav, Your .pem is an OpenSSL cert and jks is a Java Key Store. 

So you would use the pem file/cert for OpenSSL i.e Apache HTTP server

For Tomcat you want to use the JKS as indicated in the link above. You probably are using both types of technology: Proxy or Load Balancer = pem, Bitbucket App = user Java key and trust store.

 

Anyhow you can also convert your pem to be imported into your java key store and java truststore 

https://docs.oracle.com/cd/E35976_01/server.740/es_admin/src/tadm_ssl_convert_pem_to_jks.html

 

 

Hope this helps

 

Lonnie 

View More Comments
Gaurav Gundal
Gaurav Gundal April 11, 2018

 

Thanks for the information but the question is that If I convert the JKS to pem then what are the instruction that I need to follow to import the certificate.

The documentation is little confusing. 

https://confluence.atlassian.com/bitbucketserver/securing-bitbucket-server-with-tomcat-using-ssl-776640127.html?_ga=2.64980397.30262181.1523455559-1781458422.1523280451

 

1. Once I create the jks. Should I just replace the new jks with the old one and update the password and alias and then restart the tomcat service.

Beside above step do I need to do anything else.

Like
Lonnie
Lonnie
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 11, 2018

So I am not sure what the reason is for you to replace the cert or key in the first place.

It's possible that you only need to deal with the OpenSSL, i.e the proxy/load balancer.

Like
Gaurav Gundal
Gaurav Gundal April 13, 2018

I have replaced the certs thanks. I need to replace it bcoz we were using SSL certs for https.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security