Saturday, December 30, 2017

Setup SSL for Jira

How to do it...

Perform the following steps to import an SSL certificate:

1. Open up a command window and go to the directory where the certificate file
resides.

2. Generate a Java KeyStore (JKS) for JIRA by running the

keytool -genkey -alias jira -keyalg RSA -keystore /opt/jks/jira.jks

3. Import the certificate into KeyStore repository
keytool -import -alias jira -keystore JIRA_INSTALL/jira.jks -file file.crt

where file.crt is the certificate file.

4. Open the server.xml file located in the /opt/atlassian/jira/conf directory in a text editor.

5. Locate and uncomment the following XML configuration snippet:

maxThreads="150"
minSpareThreads="25" maxSpareThreads="75"
enableLookups="false"
disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false"
sslProtocol="TLS" useBodyEncodingForURI="true"
keystoreFile="/opt/jks/jira.jks"
keystorePass="mypassword"
keyAlias="jira"
keystoreType="JKS"/>




Letsencrypt

Install certbot ppa:

sudo add-apt-repository ppa:certbot/certbot

then install certbot:
sudo apt install certbot


 run certbot for manual installation of letsencrypt using challenge via DNS:

sudo certbot certonly --manual --preferred-challenges dns

openssl pkcs12 -export -in fullchain1.pem -inkey privkey1.pem -out cert_and_key.p12 -name tomcat -CAfile chain1.pem -caname root


keytool -importkeystore -srcstorepass ppz2017 -deststorepass ppz2017 
-destkeypass ppz2017 -srckeystore jira.siza.my/cert_and_key.p12 
-srcstoretype PKCS12 -alias tomcat 
-keystore jira.jks


TO see what contains in the keystore:
keytool -list -keystore /opt/jks/jira.jks

6. Restart JIRA to apply the changes.
sudo systemctl stop jira
sudo systemctl start jira



at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Nvidia new hotplug feature on Linux

 If you use nvidia driver for your GPU, you probably wonder why in some config, you can't hotplug your second monitor. You need to reboo...