Saturday, December 30, 2017

Setup SSL for Jira

How to do it...

Perform the following steps to import an SSL certificate:

1. Open up a command window and go to the directory where the certificate file
resides.

2. Generate a Java KeyStore (JKS) for JIRA by running the

keytool -genkey -alias jira -keyalg RSA -keystore /opt/jks/jira.jks

3. Import the certificate into KeyStore repository
keytool -import -alias jira -keystore JIRA_INSTALL/jira.jks -file file.crt

where file.crt is the certificate file.

4. Open the server.xml file located in the /opt/atlassian/jira/conf directory in a text editor.

5. Locate and uncomment the following XML configuration snippet:

maxThreads="150"
minSpareThreads="25" maxSpareThreads="75"
enableLookups="false"
disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false"
sslProtocol="TLS" useBodyEncodingForURI="true"

keystoreFile="/opt/jks/jira.jks"
keystorePass="mypassword"
keyAlias="jira"
keystoreType="JKS"/>




Letsencrypt

Install certbot ppa:

sudo add-apt-repository ppa:certbot/certbot

then install certbot:
sudo apt install certbot


 run certbot for manual installation of letsencrypt using challenge via DNS:

sudo certbot certonly --manual --preferred-challenges dns

openssl pkcs12 -export -in fullchain1.pem -inkey privkey1.pem -out cert_and_key.p12 -name tomcat -CAfile chain1.pem -caname root

keytool -importkeystore -srcstorepass ppz2017 -deststorepass ppz2017 
-destkeypass ppz2017 -srckeystore jira.siza.my/cert_and_key.p12 
-srcstoretype PKCS12 -alias tomcat 
-keystore jira.jks

TO see what contains in the keystore:
keytool -list -keystore /opt/jks/jira.jks

6. Restart JIRA to apply the changes.
sudo systemctl stop jira
sudo systemctl start jira



No comments: