Perform the following steps to import an SSL certificate:
1. Open up a command window and go to the directory where the certificate file
resides.
2. Generate a Java KeyStore (JKS) for JIRA by running the
keytool -genkey -alias jira -keyalg RSA -keystore /opt/jks/jira.jks
3. Import the certificate into KeyStore repository
keytool -import -alias jira -keystore JIRA_INSTALL/jira.jks -file file.crt
where file.crt is the certificate file.
4. Open the server.xml file located in the /opt/atlassian/jira/conf directory in a text editor.
5. Locate and uncomment the following XML configuration snippet:
minSpareThreads="25" maxSpareThreads="75"
enableLookups="false"
disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false"
sslProtocol="TLS" useBodyEncodingForURI="true"
keystoreFile="/opt/jks/jira.jks"
keystorePass="mypassword"
keyAlias="jira"
keystoreType="JKS"/>
Letsencrypt
Install certbot ppa:
sudo add-apt-repository ppa:certbot/certbot
then install certbot:
sudo apt install certbot
run certbot for manual installation of letsencrypt using challenge via DNS:
sudo certbot certonly --manual --preferred-challenges dns
openssl pkcs12 -export -in fullchain1.pem -inkey privkey1.pem -out cert_and_key.p12 -name tomcat -CAfile chain1.pem -caname root
keytool -importkeystore -srcstorepass ppz2017 -deststorepass ppz2017
-destkeypass ppz2017 -srckeystore jira.siza.my/cert_and_key.p12
-srcstoretype PKCS12 -alias tomcat
-keystore jira.jks
TO see what contains in the keystore:
keytool -list -keystore /opt/jks/jira.jks6. Restart JIRA to apply the changes.
sudo systemctl stop jira
sudo systemctl start jira
No comments:
Post a Comment