Hi, I've tried this KB article https://confluence.atlassian.com/jirakb/how-to-run-jira-over-https-with-a-personal-information-exchange-pfx-certificate-432804342.html
I tried the example in that article and replaced the variables with our own. When I try to start the Atlassian services, it fails.
We are trying to simply change the URL to Jira.conveyhs.com and bind an IP and certificate.
I can upload what my server.xml file looks like so you can see how I've set it up.
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxHttpHeaderSize="8192" SSLEnabled="true"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
useBodyEncodingForURI="true"
acceptCount="100" scheme="https" secure="true"
address="IP address of My Virtual IP"
keystoreFile="C:\Conveyhs.com_Wildcard_SHA2_6-16-2020.pfx" keystorePass="Password To My Key" keyAlias="1" keystoreType="PKCS12"
clientAuth="false" connectionTimeout="20000" sslProtocol="TLS" useBodyEncodingForURI="true"/>
What am I doing wrong?
So what I really need done is, I need two bindings. One External, and one Internal.
I have an IP for both. Basically I know how to do it in IIS but not Apache Tomcat.
Which External and Internal bindings are you referring to? Also, if you are running IIS on this server, make sure you aren't conflicting with Apache Tomcat by binding the same IP address with an SSL certificate in IIS that you are trying to use in Apache Tomcat.
If you cannot get your current configuration working, then you may want to try using the Java Keystore method. Here is another community question that lists all the steps needed to import a PFX cert into the keystore:
https://community.atlassian.com/t5/Jira-questions/Installing-SSL-in-JIRA/qaq-p/356787
Once the certificate has been added to the Keystore, change your server.xml to point to the Keystore, and supply the keystore password. Your server.xml should look similar to this:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxHttpHeaderSize="8192" SSLEnabled="true"
maxThreads="150" minSpareThreads="25"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" useBodyEncodingForURI="true"
keystoreFile="/usr/local/java/jre1.8.0_151/lib/security/cacerts" keyAlias="jirassl"
keystorePass="keystorePassword" keystoreType="JKS"/>
Here is my connector
<Connector port="443" maxHttpHeaderSize="8192" maxThreads="150"
minSpareThreads="25" maxSpareThreads="25" enableLookups="false"
disableUploadTimeout="true" acceptCount="100" scheme="https"
secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS"
keystoreFile="conf/Conveyhs.com_Wildcard_SHA2_6-16-2020.pfx" keystorePass="Nh1b3gr8"
keystoreType="PKCS12"/>
As you can see I specified the PKCS12 store and it is working fine.
I was just wondering how you specify that you want it to listen on a specific IP address. Like in IIS Bindings example below:
According to this KB https://confluence.atlassian.com/jirakb/how-to-run-jira-on-a-specific-ip-321847552.html you just add it to your connector string.
This is how your connector will look:
<Connector address="127.0.0.1" port="443" maxHttpHeaderSize="8192" maxThreads="150"
minSpareThreads="25" maxSpareThreads="25" enableLookups="false"
disableUploadTimeout="true" acceptCount="100" scheme="https"
secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS"
keystoreFile="conf/Conveyhs.com_Wildcard_SHA2_6-16-2020.pfx" keystorePass="Nh1b3gr8"
keystoreType="PKCS12"/>
Obviously, change 127.0.0.1 to the IP address you wish Jira to use, then restart the Jira service.
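As an added example that is not part of the original posts or of Atlassian's documentation: a small Python lint for a single `<Connector>` element that can be run before restarting the service. It flags a repeated attribute, an unquoted attribute value, an `address` that is not a literal IP, and a `.pfx` keystore declared with the wrong `keystoreType`. The function name, the sample snippets, the address 192.0.2.10 and the password placeholder are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

# Expected keystoreType for each keystore file extension.
TYPE_BY_EXT = {".pfx": "PKCS12", ".p12": "PKCS12", ".jks": "JKS"}

def lint_connector(snippet):
    """Return a list of problems found in one <Connector .../> element."""
    try:
        conn = ET.fromstring(snippet)
    except ET.ParseError as exc:
        # Repeated attributes and unquoted values are XML errors, so the
        # parser stops here before any attribute can be inspected.
        return [f"not well-formed XML: {exc}"]
    problems = []
    addr = conn.get("address")
    if addr is not None:
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            problems.append(f"address {addr!r} is not a literal IP address")
    ext = PureWindowsPath(conn.get("keystoreFile", "")).suffix.lower()
    expected = TYPE_BY_EXT.get(ext)
    declared = conn.get("keystoreType", "JKS")  # Tomcat defaults to JKS
    if expected and declared.upper() != expected:
        problems.append(f"{ext} keystore declared as keystoreType={declared}")
    if conn.get("SSLEnabled", "false").lower() != "true":
        problems.append("SSLEnabled is not true, so TLS is off on this port")
    return problems

# Constructed samples modelled on the connectors in this thread
# (192.0.2.10 is a documentation address, the password a placeholder).
DUPLICATE_ATTR = r'''<Connector port="443" SSLEnabled="true" useBodyEncodingForURI="true"
  address="192.0.2.10" keystoreFile="C:\example.pfx" keystorePass="CHANGE_ME"
  keystoreType="PKCS12" sslProtocol="TLS" useBodyEncodingForURI="true"/>'''
UNQUOTED = '<Connector address=192.0.2.10 port="443" SSLEnabled="true"/>'
PLACEHOLDER = r'''<Connector port="443" SSLEnabled="true"
  address="IP address of My Virtual IP" keystoreFile="C:\example.pfx"/>'''
GOOD = '''<Connector address="192.0.2.10" port="443" SSLEnabled="true"
  keystoreFile="conf/example.pfx" keystorePass="CHANGE_ME" keystoreType="PKCS12"/>'''

if __name__ == "__main__":
    for name in ("DUPLICATE_ATTR", "UNQUOTED", "PLACEHOLDER", "GOOD"):
        print(name, lint_connector(globals()[name]))
```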
Ok, this looks promising,
so since I need two listeners, one for uspgi and one for conveyhs, do I just add two lines with address=?? or do I create two separate Connectors, one for uspgi and one for conveyhs?
That would imply that you are running two Jira instances on the server, which I doubt is possible. It sounds like you want your users to access the Jira server by either going to jira.uspgi.com or jira.conveyhs.com, is that correct? Right now, it isn't possible to have a per-project-based Jira URL.
If these URLs are internal and external, then you can do it by using a proxy server to proxy/rewrite one of the URLs to the other one. There is a caveat:
"JIRA runs on a single URL and uses that for everything. If you set up a second one with rewrites and proxies, then functions that use the base url won't work on that site (gadgets, reports, REST and email are the four areas I've seen it fail in, and I suspect there's a load more if you did more extensive testing)"
BTW this is a Windows Server 2012 R2 PC.
I was told by Atlassian support that the above server.xml connector is all I need for a .pfx cert.
Do I really have to mess with the Jira keystore if I am running Windows, and Windows has its own key store?
You will need to make sure you import the proper Root, Intermediate, and server certificates into the Jira Keystore located in %installationPath%/jre/lib/security/cacerts. You will also want to run %jiraInstallation%/bin/config.bat and configure your HTTPS port. I had some issues changing the port on my server so I left them as default, and use an Apache rewrite so users don't have to type in port numbers.