Hi Atlassian experts,
I am trying to move my trial Confluence 5.8.5 CentOS 7 installation to https. After I do, localhost:8090 and it-confluence01:8090 just time out. I looked through the log files (Catalina.out and atlassian-confluence.log) and after correcting any errors in those (my /root/.keystore was not readable by confluence) it still did the same thing.
I also read this https://confluence.atlassian.com/display/DOC/Running+Confluence+Over+SSL+or+HTTPS and changed my web.xml. Still the exact same behavior. I change back to http and everything works; I move to https and nothing.
Here is my server.xml: (yes I know changeit is a terrible password but I first have to get it to work then I'll worry about security)
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25"
protocol="org.apache.coyote.http11.Http11NioProtocol"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true" keystoreFile="/root/.keystore"
clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true"
URIEncoding="UTF-8" keystorePass="changeit"/>
Thanks in advance for any help on this one.
Robert
Turns out the problem was that confluence was using the ID confluence1 with home directory of /home/confluence1 and I needed to place .keystore there. Would be nice if confluence saw an ID of confluence as asked (you already have a confluence ID do you want to use that?) but once I placed the .keystore in the correct place everything worked. I have up to /home/jira7/ on my JIRA box lol
Something else to consider... I'm not sure if you are thinking of putting a reverse proxy on the same server at some point, but I found it easier to configure SSL to terminate at the proxy and then just use the standard web.xml for Confluence. I was using IIS, but I imagine it would work just as well with Apache or nginx...
Second on this. We use nginx in our environment (and Apache before that) and the setup is pretty straightforward.
I third that; that is how we did it at the place I just left. Unfortunately that is item 192 on today's hot items list and I need to make sure passwords are not visible immediately and then I can set up a proxy et al.
Hi Robert,
Looks like you might have a typo. The option for sslProtocol can't have an 's' at the end. See https://tomcat.apache.org/tomcat-7.0-doc/config/http.html for confirmation of valid options.
Additionally, the "all" option is a shortcut for "TLSv1+TLSv1.1+TLSv1.2". Looks like you could swap out your TLS versions with "all" to simplify the config.
Thanks, interestingly I did not type that, I simply uncommented it from what was given by Atlassian?!? I tried that, and exact same problem. But now with the extra warning of: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'sslProtocols' to 'TLSv1,TLSv1.1,TLSv1.2' did not find a matching property.
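The three issues raised in this thread (the ignored `sslProtocols` attribute, the keystore sitting in a home directory other than the service account's, and the `changeit` password) can be checked before a restart. The script below is an added example, not part of the thread and not Atlassian's or Tomcat's code; it assumes the service home `/home/confluence1` from Robert's post, and its attribute list is a subset of the `ssl*` attributes in the Tomcat 7 connector documentation.

```python
import difflib
import posixpath
import xml.etree.ElementTree as ET

# Constructed input: the Connector from the question, wrapped in <Service> so it parses alone.
SAMPLE = """<Service>
  <Connector port="8443" maxHttpHeaderSize="8192"
    maxThreads="150" minSpareThreads="25"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    enableLookups="false" disableUploadTimeout="true"
    acceptCount="100" scheme="https" secure="true" keystoreFile="/root/.keystore"
    clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2"
    sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true"
    URIEncoding="UTF-8" keystorePass="changeit"/>
</Service>"""

# Assumption: a subset of the ssl* attributes Tomcat 7 documents for JSSE connectors.
KNOWN_SSL_ATTRS = ["SSLEnabled", "sslEnabledProtocols", "sslImplementationName", "sslProtocol"]


def under(path, directory):
    """True if path lies inside directory (purely lexical, no filesystem access)."""
    return posixpath.normpath(path).startswith(posixpath.normpath(directory) + "/")


def audit_connectors(xml_text, service_home):
    """Return (port, code, detail) findings for every SSL-enabled Connector."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port")
        # Tomcat only warns about attributes it has no setter for, then ignores them.
        for name in conn.attrib:
            if name.lower().startswith("ssl") and name not in KNOWN_SSL_ATTRS:
                near = difflib.get_close_matches(name, KNOWN_SSL_ATTRS, n=1)
                detail = f"{name} (did you mean {near[0]}?)" if near else name
                findings.append((port, "unknown-attr", detail))
        # With no keystoreFile, Tomcat looks for .keystore in the home of the user running it.
        keystore = conn.get("keystoreFile") or posixpath.join(service_home, ".keystore")
        in_a_home = under(keystore, "/root") or under(keystore, "/home")
        if in_a_home and not under(keystore, service_home):
            findings.append((port, "keystore-location", f"{keystore} is outside {service_home}"))
        if conn.get("keystorePass", "changeit") == "changeit":
            findings.append((port, "default-password", "keystorePass is Tomcat's default 'changeit'"))
    return findings


if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE, "/home/confluence1"):
        print(*finding, sep=": ")
```

The location check is lexical only; it does not test file permissions, so a keystore elsewhere on disk still needs to be readable by the account that runs Confluence.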