This page last changed on May 12, 2009 by ganand.
Confluence and SSL Services
To serve Confluence pages over SSL, refer to Adding SSL for Secure Logins and Page Security. This document describes connections to SSL Services. The most common are LDAP over SSL and Trusted Applications when JIRA is running over SSL.
Importing SSL Certificates
 | The following commands are in reference to JDK 1.5. For commands/syntax relevant to JDK 1.6, please refer to this document. |
Atlassian User LDAP supports connecting to an LDAP server over SSL/HTTPS. The Trusted Communications protocol requires configuration if JIRA is running over SSL.
- Add the root certificate to your default Java keystore with the following command. This is the certificate that was used to authorise the LDAP server's certificate; it will be either the one that was used for signing it, or will come from further up in the trust chain, possibly the root certificate. This is often a self-signed certificate, when both ends of the SSL connection are within the same network. Again, the exact alias is not important.
- Import your LDAP or JIRA server's public certificate into the JVM Keystore. This is the certificate that the LDAP server will use to set up the SSL encryption, and you can use any alias of your choosing in place of "JIRAorLDAPServer.crt".
- Edit the file in your Confluence install directory, confluence\WEB-INF\classes\atlassian-user.xml. Change the value of securityProtocol from "plain" to "ssl":
Switch the LDAP connection to the SSL port, if it's different from the default LDAP port. If you're using the most common LDAPS port, set
The keytool will ask you for a password. The default password is "changeit" without the quotes.
- Verify that the certificate has been added successfully by entering the following command:
- Ensure that you've updated JAVA_OPTS to specify the path to the keystore, as specified in Connecting to SSL services, before restarting tomcat/Confluence.
There's no need to specify an alias for Confluence to use; on connecting to the LDAP server, it will search through the keystore to find a certificate to match the key being presented by the server.
Troubleshooting
Check Unable to Connect to SSL Services due to PKIX Path Building Failed sun.security.provider.certpath.SunCertPathBuilderException or the more general SSL Troubleshooting articles for troubleshooting information.
RELATED ARTICLES
JIRA Connecting to SSL Services
Confluence Unable to Connect to SSL Services
Configure Web Proxy Support for Confluence
Adding SSL for Secure Logins and Page Security
Troubleshooting SSL
|