Thursday, April 17, 2014

Renewing JIRA's the SSL Certificate on Windows

Basically this is JAVA specific stuff.


  • Windows Server 2008 R2
  • JIRA Standalone (6.2) (Installed in C:\JIRA)
  • JDK 1.7 (Installed to C:\JDK)
AFAIK this method applies to all JIRA and JAVA/JDK editions.

Step 1: Identifying the JKS (Java KeyStore) file location

This is the file where the certificates used by Tomcat are stored. The JKS file is linked with JIRA in the server.xml file that is located under the JIRA INSTALL DIRECTORY\conf\server.xml (In this example C:\JIRA\conf\server.xml). Open in notepad and search for JKS to find the section we're insterested in. 

SSLEnabled="true" acceptCount="100" clientAuth="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" keyAlias="tomcat" keystoreFile="C:\JIRA\cert\jira.jks" keystorePass="somepass" keystoreType="JKS" maxHttpHeaderSize="8192" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="443" protocol="org.apache.coyote.http11.Http11Protocol" scheme="https" secure="true" sslProtocol="TLS" useBodyEncodingForURI="true" />

Step 2: Creating a CSR

For this you use keytool.exe that is located in your JDK instance's bin directory. You will be asked for the keystore password that can also be found on the xml mentioned earlier. Make sure to mention the -alias parameter with the keyAlias attribute from the settings.xml file.

C:\JDK\bin> keytool -certreq -keystore "C:\JIRA\cert\jira.jks" -alias tomcat

No questions asked, the request will use the same properties as your current certificate. Now copy-paste the CSR from the console and send it to your CA that will issue the certificate for you.

Step 3: Installing the new certificate

Once you got the new certificate save it as a .cer file (I'll save it as C:\JIRA\cert\jira.cer in this example) and open its properties to export *all* the CA certificates from the certification path:

Click on View Certificate -> Details -> Copy to File and export it in the DER encoded binary X.509 format.

After the exports, in this example I'll have 3 certificates to import into the KeyStore file:
jira.cer (the certificate I got from the CA)
ca-root.cer (the first certificate exported in the Certification Path)
ca-intermediary.cer (the second certificate exported in the Certification Path)

So go back to the Command Prompt, you JAVA instance's bin directory and use keytool.exe to import all these certificates. When you're asked if you want to import the certificate, type yes at the console.

C:\JDK\bin>keytool.exe -importcert -keystore "C:\JIRA\cert\jira.jks" -storepass somepass -trustcacerts -alias ca-root -file "C:\JIRA\cert\ca-root.cer" C:\JDK\bin>keytool.exe -importcert -keystore "C:\JIRA\cert\jira.jks" -storepass somepass -trustcacerts -alias ca-intermediate -file "C:\JIRA\cert\ca-intermediate.cer" C:\JDK\bin>keytool.exe -importcert -keystore "C:\JIRA\cert\jira.jks" -storepass somepass -trustcacerts -alias tomcat -file "C:\JIRA\cert\jira.cer"

Restart Tomcat (JIRA) and you're done.


  1. Good Post! Thank you so much for sharing this pretty post, it was so good to read and useful to improve my knowledge as updated one, keep blogging…
    JAVA Training in Chennai|JAVA Course in Chennai

  2. Great post!!Thanks for sharing your interactive blog of article.
    Dot net training in Chennai | Dot net course in Chennai

  3. This can be a good technique in installing the SSL certificate. Good thing that you have able to put this kind of ideas wherein it consist of comprehensive techniques in SSL installation. I think it will be good steps for me to pursue my work with Urgent essay writing that is identical with this concept.

  4. Very good write-up. I definitely appreciate this website. Continue the good work!
    Devops Online Training
    Adobe cq5 Training
    Dell Boomi Training

  5. we are offering best devops online training with job support and high quality training facilities and well expert faculty .
    to Register you free demo please visit ,devops training in hyderabad

  6. You have done really great job. Your blog is very unique and informative. Thanks. Devops Training | Data Science Training


  7. Great post!! This can be one particular of the most useful blogs We’ve ever arrive across on this subject. Basically Wonderful. I am also a specialist in this topic so I can understand your hard work.
    Selenium Training
    Selenium Training in Chennai

  8. Excellent and useful post. Thanks for taking time to share this post to my vision. Continue share more like this.
    Java Training in Chennai | Java course in Chennai

  9. Your blog is awesome.You have clearly explained about it.It's very useful for me to know about new things..Keep on blogging.
    Selenium Training in Chennai | Selenium Course in Chennai

  10. The strategy you have updated here will make me to get trained in future technologies. By the way you are running a great blog. Thanks for sharing this.

  11. Thank you for this valuable information. Get your business to the next level in simple steps. We provides lowest price of erp Software for our clients erp in Chennai

  12. Nice blog.. Please share more information for online users.. It's really good blog..
    Java Online Training
    Salesforce Online Training
    AWS Online Training


  13. Thanks for this valuable information .i was really learn about content how impact on devops openings in hyderabad tatistics but i get the answer of most of my queries.