Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

SSL configuration in Confluence

Lorenze Larot1
Lorenze Larot January 13, 2016

Hello,

I was tasked to configure our confluence server to use our wildcard certificate.  I use this guide as reference https://confluence.atlassian.com/doc/running-confluence-over-ssl-or-https-161203.html. Since I already have  a downloaded certificate. I did not go through all the steps on the guide and proceed with importing the certificate (option2 step 5) using the command below which was successful.

C:\>keytool –import –keystore ..\lib\security\cacerts –alias newcertificate –storepass changeit –noprompt –trustcacerts –file c:\new_certificate.crt

 

I Then proceed with steps 2, 3 and 4. I restarted confluence and tried accessing confluence again using https://confluence.mydomain.com:8443 using chrome now its showing me an error  "ERR_SSL_VERSION_OR_CIPHER_MISMATCH. My  server.xml looks like this:

 

<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" SSLEnabled="true"
URIEncoding="UTF-8" keystorePass="mypassword"
keystoreFile="<C:\Program Files\Atlassian\Confluence\jre\lib\security\cacerts>"/>

Am I missing something here?

 

Thanks in advance for your response.

 

Best!

 

Answer
Watch
Like Be the first to like this
4094 views

3 answers

0 votes
Jesse Callejas
Jesse Callejas April 6, 2016

Hello Lorenze:

You need to create Confluence's local keystore (If it does not exist, which I think it does since you have already a

certificate) install it there and also install the certificate in the java cacerts file again make sure the chain and/or

the root CA certficate are installed there since Java uses that file to trust any certificate it encounters. and restart Confluence. Remember that while installing the certifiate in Confluence's local keystore you have to use the original "Alias" that was used when the keystore was created so it integrates correctly into your keystore.

 

Cheers

Reply
0 votes
Lorenze Larot1
Lorenze Larot January 14, 2016

@Guilherme Viana [Atlassian]

 

Thanks for your response. Just a quick clarification, I need to remove the certificate that I have imported and go trough the process again on from generating a local certificate until the very end?

 

Thanks,

Lorenze

Reply
0 votes
Guilherme V.
Guilherme V.
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 14, 2016

Hey Lorenze,

Is your keystore locate inside the "cacerts"? Commonly, you need to create a keystore as per that article, and import the certificate inside the keystore, then your keystore path in your server.xml would look like:

keystoreFile="C:\Program Files\Atlassian\Confluence\jre\lib\security\cacerts\.keystore"/>

Can you see that I pointed the .keystore archive? I suggest following again that article so you could create a .keystore and import that certificate in it.

Cheers,

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.