Confluence, SSL and a Windows CA

This documentation takes into account the extra steps required for installing a certificate and chain issued by a Windows CA when configuring Atlassian Confluence for SSL/HTTPS. This is basically a replacement for Step #1 in the aforementioned link.

In this example “$Confluence$>” is the Confluence install directory. I keep the .keystore file in this directory for my own tracking purposes.

  1. Create the CSR on the Confluence server

$Confluence$>jre\bin\keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore .keystore

  2. Generate the certificate and download it in Base64 format

  3. Export the certificate chain in DER format

  4. Double-click the file to open it in Windows

  5. Export each layer (in our case there are two) to a file. In this case, the root certificate is rootca1.cer and the intermediate is rootca2.cer. Make sure you use the Base64 Encoded X.509 (CER) format.

  6. Install the root certificate

$Confluence$>jre\bin\keytool.exe -import -alias root -keystore .keystore -file rootca1.cer

Enter keystore password: 
Owner: CN=[snip]
Issuer: CN=[snip]
Serial number: [snip]
Valid from: [snip]
Certificate fingerprints: [snip]
Trust this certificate? [no]: yes
Certificate was added to keystore

  7. Install the intermediate certificate

$Confluence$>jre\bin\keytool.exe -import -alias intermediate -keystore .keystore -file rootca2.cer

Enter keystore password: 
Certificate was added to keystore

  8. Install the server certificate

E:\Atlassian\Confluence>jre\bin\keytool.exe -import -alias tomcat -file hostname.cer -keystore .keystore

Enter keystore password:
Certificate reply was installed in keystore

  9. Confirm you’ve done the rest and configured the keystore password in the Confluence configuration file and then restart the Atlassian Confluence process.
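
To confirm the imports above left the tomcat alias holding the private key plus the full chain, this added example (not part of the original post) parses `keytool -list -v -keystore .keystore` output and checks that each certificate's Issuer matches the next Owner, ending in a self-signed root. The sample output and every name in it are constructed, and the function names are hypothetical.

```python
import re

# Constructed, abridged sample of `keytool -list -v -keystore .keystore` output.
SAMPLE = """\
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=wiki.example.test
Issuer: CN=Example Issuing CA
Certificate[2]:
Owner: CN=Example Issuing CA
Issuer: CN=Example Root CA
Certificate[3]:
Owner: CN=Example Root CA
Issuer: CN=Example Root CA
"""

def parse_entries(text):
    """Map alias -> {"type": entry type, "certs": [[owner, issuer], ...]}."""
    entries, cur = {}, {"type": None, "certs": []}  # throwaway until first alias
    for line in text.splitlines():
        m = re.match(r"(Alias name|Entry type|Owner|Issuer): (.+)", line.strip())
        if not m:
            continue
        key, val = m.groups()
        if key == "Alias name":
            cur = entries.setdefault(val, {"type": None, "certs": []})
        elif key == "Entry type":
            cur["type"] = val
        elif key == "Owner":
            cur["certs"].append([val, None])
        elif cur["certs"]:  # Issuer belongs to the most recent Owner
            cur["certs"][-1][1] = val
    return entries

def check_chain(text, alias="tomcat"):
    """Return a list of problems; empty means the alias holds a key plus full chain."""
    entry = parse_entries(text).get(alias)
    if entry is None:
        return [f"alias {alias!r} not found"]
    certs, problems = entry["certs"], []
    if entry["type"] != "PrivateKeyEntry":
        problems.append(f"{alias!r} is {entry['type']}, expected PrivateKeyEntry")
    if len(certs) < 2:
        problems.append("chain length below 2: CA reply not installed on this alias")
    for (owner, issuer), (parent, _) in zip(certs, certs[1:]):
        if issuer != parent:
            problems.append(f"{owner!r} issuer does not match next cert {parent!r}")
    if not certs or certs[-1][0] != certs[-1][1]:
        problems.append("chain does not end in a self-signed root")
    return problems
```

Save the real keytool output to a file and pass its contents to `check_chain`; an alias that still holds only the self-signed certificate created with the key pair is reported as a short chain.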

Questions? Comments? Hate mail? Tell me below.


