Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Troubleshooting jira over ssl certificate chain

Christopher Log3
Christopher Logan October 20, 2014

I'm trying to get JIRA working over ssl, the website comes up but the certificate doesn't show up as trusted. I exported the certificates from my workstation and imported them into the java keystore. How would I go about troubleshooting this issue?

Answer
Watch
Like Be the first to like this
2654 views

4 answers

0 votes
DavidL
DavidL October 22, 2014

The keystore alias doesn't matter. It can be anything that you want it to be. Make sure that you add the RootCA and IntermediateCA to cacerts keystore or whatever store you are using to keep your CA certs. You typically don't have to do this since its coming from a known CA, but I have seen that it does fix problems. You can use the cacerts in the JDK that you are using or copy it and add the two certs.

In Tomcat, you would have something like this in your SSL connector section, where the keystore-ident has the key and signed cert for your site

keystoreFile="/jira/.keystore-ident"
keystorePass="changeit"
keyAlias="jira"
trustsoreFile="/jira/cacerts"
truststorePass="changeit"

View More Comments
Christopher Log3
Christopher Logan October 22, 2014

I don't have the trust store information it should be the same file should I just add that and the alias's?

Like
DavidL
DavidL October 23, 2014

If you have everything in one file you don't need the truststoreFile and trustorePass. You still need the keyAlias since this tells Tomcat what key to use for encryption. But you should still add the root and intermediate certs for your CA. It is also better if you add the certs in the order of root CA -> intermediate cert -> site cert.

Like
Reply
0 votes
Norman Abramovitz
Norman Abramovitz
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 20, 2014

So you need run the keytool and update the apache tomcat setup file.   Please see the keytool commands in the following previous answer and the information about the slight differences in the apache setup for Linux.   I assume you are already following the setup directions already mentioned in the documentation.  Do not forget to setup the keyalias parameter.

https://answers.atlassian.com/questions/20947

https://confluence.atlassian.com/display/JIRA/Running+JIRA+over+SSL+or+HTTPS

https://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Apache+using+SSL

 

View More Comments
Christopher Log3
Christopher Logan October 21, 2014

Maybe I'm confused about the alias parameter, I had to add two extra certs for my cert chain, when I added them I called them whatever I wanted, for example I called them RootCA and IntermediateCA because I didn't care what they were listed as in my keystore, is that wrong, do they need to be called something specific? I checked tonight, the issue most certainly is the chain is broken but I added the extra certs by exporting the certificates I wanted from windows and importing them into java keystore using the keytool -import -alias RootCA -keystore /home/svccltprdqdsgit/atlassian/application-data/jira.jks -trustcacerts -file RootCA.crt This is what was listed in the jira ssl document.

Like
Reply
0 votes
Christopher Log3
Christopher Logan October 20, 2014

The certificate was signed by my company Windows CA.

View More Comments
Norman Abramovitz
Norman Abramovitz
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 20, 2014

Is your environment Linux or Windows?

Like
Christopher Log3
Christopher Logan October 20, 2014

Its a linux host running Jira, windows is the CA

Like
Reply
0 votes
Norman Abramovitz
Norman Abramovitz
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 20, 2014

How was your certificate created? A self signed certificate is rarely trusted by default.

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.