Thursday, April 17, 2014

Renewing JIRA's the SSL Certificate on Windows

Basically this is JAVA specific stuff.

Environment:


  • Windows Server 2008 R2
  • JIRA Standalone (6.2) (Installed in C:\JIRA)
  • JDK 1.7 (Installed to C:\JDK)
AFAIK this method applies to all JIRA and JAVA/JDK editions.


Step 1: Identifying the JKS (Java KeyStore) file location


This is the file where the certificates used by Tomcat are stored. The JKS file is linked with JIRA in the server.xml file that is located under the JIRA INSTALL DIRECTORY\conf\server.xml (In this example C:\JIRA\conf\server.xml). Open in notepad and search for JKS to find the section we're insterested in. 

SSLEnabled="true" acceptCount="100" clientAuth="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" keyAlias="tomcat" keystoreFile="C:\JIRA\cert\jira.jks" keystorePass="somepass" keystoreType="JKS" maxHttpHeaderSize="8192" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="443" protocol="org.apache.coyote.http11.Http11Protocol" scheme="https" secure="true" sslProtocol="TLS" useBodyEncodingForURI="true" />


Step 2: Creating a CSR


For this you use keytool.exe that is located in your JDK instance's bin directory. You will be asked for the keystore password that can also be found on the xml mentioned earlier. Make sure to mention the -alias parameter with the keyAlias attribute from the settings.xml file.

C:\JDK\bin> keytool -certreq -keystore "C:\JIRA\cert\jira.jks" -alias tomcat

No questions asked, the request will use the same properties as your current certificate. Now copy-paste the CSR from the console and send it to your CA that will issue the certificate for you.


Step 3: Installing the new certificate


Once you got the new certificate save it as a .cer file (I'll save it as C:\JIRA\cert\jira.cer in this example) and open its properties to export *all* the CA certificates from the certification path:




Click on View Certificate -> Details -> Copy to File and export it in the DER encoded binary X.509 format.



After the exports, in this example I'll have 3 certificates to import into the KeyStore file:
jira.cer (the certificate I got from the CA)
ca-root.cer (the first certificate exported in the Certification Path)
ca-intermediary.cer (the second certificate exported in the Certification Path)

So go back to the Command Prompt, you JAVA instance's bin directory and use keytool.exe to import all these certificates. When you're asked if you want to import the certificate, type yes at the console.


C:\JDK\bin>keytool.exe -importcert -keystore "C:\JIRA\cert\jira.jks" -storepass somepass -trustcacerts -alias ca-root -file "C:\JIRA\cert\ca-root.cer" C:\JDK\bin>keytool.exe -importcert -keystore "C:\JIRA\cert\jira.jks" -storepass somepass -trustcacerts -alias ca-intermediate -file "C:\JIRA\cert\ca-intermediate.cer" C:\JDK\bin>keytool.exe -importcert -keystore "C:\JIRA\cert\jira.jks" -storepass somepass -trustcacerts -alias tomcat -file "C:\JIRA\cert\jira.cer"


Restart Tomcat (JIRA) and you're done.

17 comments:

  1. Good Post! Thank you so much for sharing this pretty post, it was so good to read and useful to improve my knowledge as updated one, keep blogging…
    Regards,
    JAVA Training in Chennai|JAVA Course in Chennai

    ReplyDelete
  2. Great post!!Thanks for sharing your interactive blog of article.
    Dot net training in Chennai | Dot net course in Chennai

    ReplyDelete
  3. This can be a good technique in installing the SSL certificate. Good thing that you have able to put this kind of ideas wherein it consist of comprehensive techniques in SSL installation. I think it will be good steps for me to pursue my work with Urgent essay writing that is identical with this concept.

    ReplyDelete
  4. Very good write-up. I definitely appreciate this website. Continue the good work!
    Devops Online Training
    Adobe cq5 Training
    Dell Boomi Training

    ReplyDelete
  5. we are offering best devops online training with job support and high quality training facilities and well expert faculty .
    to Register you free demo please visit ,devops training in hyderabad

    ReplyDelete
  6. You have done really great job. Your blog is very unique and informative. Thanks. Devops Training | Data Science Training

    ReplyDelete


  7. Great post!! This can be one particular of the most useful blogs We’ve ever arrive across on this subject. Basically Wonderful. I am also a specialist in this topic so I can understand your hard work.
    Selenium Training
    Selenium Training in Chennai

    ReplyDelete
  8. Excellent and useful post. Thanks for taking time to share this post to my vision. Continue share more like this.
    Java Training in Chennai | Java course in Chennai

    ReplyDelete
  9. Your blog is awesome.You have clearly explained about it.It's very useful for me to know about new things..Keep on blogging.
    Selenium Training in Chennai | Selenium Course in Chennai

    ReplyDelete
  10. The strategy you have updated here will make me to get trained in future technologies. By the way you are running a great blog. Thanks for sharing this.

    ReplyDelete
  11. Thank you for this valuable information. Get your business to the next level in simple steps. We provides lowest price of erp Software for our clients erp in Chennai

    ReplyDelete