This documentation takes into account the extra steps required for installing a certificate and chain issued by a Windows CA when configuring Atlassian Confluence for SSL/HTTPS. This is basically a replacement for Step #1 in the aforementioned link.
In this example “$Confluence$>” is the Confluence install directory. I keep the .keystore file in this directory for my own tracking purposes.
Create the CSR on the Confluence server $Confluence$>jre\bin\keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore .keystore
Generate the certificate and download as a Base64 file format
Export the certificate chain as a DER file format
Double click the file to open it in windows
Export each layer (in our case there’s two) to a file. In this case, the root certificate is is rootca1.cer, intermediate is rootca2.cer. Make sure you use the Base64 Encoded X.509 (CER) format.
Install the root certificate
$Confluence$>jre\bin\keytool.exe -import -alias root -keystore .keystore -file rootca1.cer
Enter keystore password:
Owner: CN=[snip}
Issuer: CN=[snip]
Serial number: [snip]
Valid from: [snip]
Certificate fingerprints: [snip]
Trust this certificate? [no]: yes
Certificate was added to keystore
- Install the intermediate certificate
$Confluence$>jre\bin\keytool.exe -import -alias intermediate -keystore .keystore -file rootca2.cer
Enter keystore password: Certificate was added to keystore
- Install the server certificate
E:\Atlassian\Confluence>jre\bin\keytool.exe -import -alias tomcat -file hostname.cer -keystore .keystore
Enter keystore password:
Certificate reply was installed in keystore
- Confirm you’ve done the rest and configured the keystore password in the Confluence configuration file and then restart the Atlassian Confluence process.
Questions? Comments? Hate mail? Tell me below.