The CN must match the fully qualified hostname of the server running Confluence, or Tomcat won't be able to use the certificate for SSL.
First and last name: this is not your name, it is the Common Name (CN), for example ''. Follow the prompts to specify the certificate details. This info is used to construct the X.500 Distinguished Name (DN) of the entity. Make a note of the password, you'll need it in the next step. Tomcat has a known issue with special characters. When prompted, create a password for the certificate (private key). $JAVA_HOME/bin/keytool -genkeypair -keysize 2048 -alias tomcat -keyalg RSA -sigalg SHA256withRSA To generate a self-signed certificate using keytool:įrom the command line, run the appropriate command for your operating system: In this example, we'll use Java's keytool utility, which is included with the JDK. If you're not comfortable using command line utilities KeyStore Explorer is a useful alternative to the command line. Users won't be able to log in to your site at all via the Confluence Server mobile app if you use a self-signed certificate. This usually will only occur the first time they access the site. In general, you might use a self-signed certificate on a test environment and on internal corporate networks (intranets).īecause the certificate is not signed by a certificate authority (CA), users may receive a message that the site is not trusted and may have to perform several steps to accept the certificate before they can access the site. Self-signed certificates are useful if you require encryption but don't need to verify the identity of the requesting website. Option 1: Create a self-signed certificate You can't use the app with a self-signed certificate, or one from an untrusted or private CA. If your team plans to use the Confluence Server mobile app, you'll need a certificate issued by a trusted Certificate Authority. You can create your own self-signed certificate, or acquire one from a trusted Certificate Authority. If you already have a certificate, skip to step 2. You'll need a valid certificate before you can enable HTTPS. We recommend you enable HTTPS on your site. Now you can import the file to the destination machine and configure the web server to use it.Running Confluence without HTTPS enabled may leave your site exposed to vulnerabilities, such as man-in-the-middle or DNS rebinding attacks. Note: Please replace the “qqq” behind “-srcalias” with the alias, you noted in the previous step and the “xxx” behind “-deststorepass” with the password for the .jks file. The last step is now to import the certificate and its private key into the keystore by running the following command: keytool -importkeystore -srckeystore d:\cert\wildcard.pfx -srcstoretype pkcs12 -srcalias -destkeystore d:\cert\wildcard.jks -deststoretype jks -deststorepass xxx -destalias wildcard Open the file cert.txt and look for the line starting with “ Aliasname:“. To do so, run the following command: keytool -v -list -storetype pkcs12 -keystore d:\cert\wildcard.pfx > d:\cert\cert.txt 
In order to import the certificate, we first have to reveal the alias used. Now we import the other two CA certificates the same way: keytool -import -trustcacerts -file "d:\cert\COMODORSAAddTrustCA.crt" -alias COMODORSAAddTrustCA -keystore d:\cert\wildcard.jks -storepass xxx keytool -import -trustcacerts -file "d:\cert\COMODORSAOrganizationValidationSecureServerCA.crt" -alias COMODORSAOrganizationValidationSecureServerCA -keystore d:\cert\wildcard.jks -storepass xxx Note: Please replace the “xxx” behind “-storepass” with a reasonable password. Since the key store doesn’t exist, it will create it automatically: keytool -import -trustcacerts -file "d:\cert\AddTrustExternalCARoot.crt" -alias AddTrustExternalCARoot -keystore d:\cert\wildcard.jks -storepass xxx The first command puts the root CA’s certificate into the keystore. Now, we’ll use the keytool command inside the java installation folder (in my case C:\Program Files\Java\jre1.8.0_201\bin to create the keystore and put all necessary files in there.
COMODORSAOrganizationValidationSecureServerCA.crt. In my case the folder contained the following files: The certificate(s) of all intermediate CAs existing in the trust chain of the certificate. The certificate of the root CA of the certificate. Copy the following files to this folder. Create a folder to collect all necessary files in. So, in order to fulfill this request, the following steps were necessary: KEYSTORE EXPLORER ONLINE WINDOWS 10
Since I use a Windows 10 workstation, I had to assure, that Java was installed, in my case version 1.8.
It didn’t contain the certificates of the intermediate CAs. The certificate to be used had two “issues”: Recently I got the request to manually create a Java keystore (.jks) to be used on a linux-based webserver.
0 kommentar(er)
